Dear All,
Is any outstanding vulnerability on the Standard version of NET-SNMP V5.7.3
(Not the pre-release version). It seems the v5.7.3 pre-release version is
still exposed to the following vulnerability.
CVE-2014-2285 <http://www.cvedetails.com/cve/CVE-2014-2285/> - The
perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.
Would like to know if this vulnerability has been addressed on the Standard
version of Net-snmp v5.7.3 or is there any bug fix release note indicate
this ?
Thank you all for your great insight and advice in advance.
Regards
Patrick
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
