aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzi <zi@FreeBSD.org>2012-04-27 10:45:24 +0800
committerzi <zi@FreeBSD.org>2012-04-27 10:45:24 +0800
commit6f11a21be5dd9051547319eaad9759f38c26fae7 (patch)
tree30ca82dc959b3c58d01a20cc2f67bd60284f3bfd
parent3ce3f0ca6652951760a86c4ff52033514379435f (diff)
downloadfreebsd-ports-gnome-6f11a21be5dd9051547319eaad9759f38c26fae7.tar.gz
freebsd-ports-gnome-6f11a21be5dd9051547319eaad9759f38c26fae7.tar.zst
freebsd-ports-gnome-6f11a21be5dd9051547319eaad9759f38c26fae7.zip
- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141)
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 86311041772b..ea348837e1b9 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5d85976a-9011-11e1-b5e0-000c299b62e1">
+ <topic>net-snmp -- Remote DoS</topic>
+ <affects>
+ <package>
+ <name>net-snmp</name>
+ <range><lt>5.7.1_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Red Hat Security Response Team reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=815813">
+ <p>An array index error, leading to out-of heap-based buffer read flaw was
+ found in the way the net-snmp agent performed lookups in the
+ extension table. When certain MIB subtrees were handled by the
+ extend directive, a remote attacker (having read privileges to the
+ subntree) could use this flaw to cause a denial of service condition
+ via an SNMP GET request involving a non-existent extension table
+ entry.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-2141</cvename>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=815813</url>
+ <url>http://www.openwall.com/lists/oss-security/2012/04/26/2</url>
+ </references>
+ <dates>
+ <discovery>2012-04-26</discovery>
+ <entry>2012-04-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="380e8c56-8e32-11e1-9580-4061862b8c22">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>