CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
| Software | From | Fixed in |
|---|---|---|
| net-snmp / net-snmp | - | 5.8 |
| debian / debian_linux | 9.0 | 9.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 18.10 | 18.10.x |
| netapp / e-series_santricity_os_controller | 11.0 | 11.5.x |
| paloaltonetworks / pan-os | 8.0.16 | 8.1.6.x |
| paloaltonetworks / pan-os | 7.1.23 | 8.0.15.x |
| paloaltonetworks / pan-os | - | 7.1.22.x |
- http://www.securityfocus.com/bid/106265
- https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
- https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
- https://security.netapp.com/advisory/ntap-20181107-0001/
- https://security.paloaltonetworks.com/CVE-2018-18065
- https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
- https://usn.ubuntu.com/3792-1/
- https://usn.ubuntu.com/3792-2/
- https://usn.ubuntu.com/3792-3/
- https://www.debian.org/security/2018/dsa-4314
- https://www.exploit-db.com/exploits/45547/
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime