Net-SNMP CVE-2018-18065 Remote Denial of Service Vulnerability

Net-SNMP is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to cause the affected application to crash resulting in a denial-of-service condition.

Information

Bugtraq ID: 106265
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-18065

Remote: Yes
Local: No
Published: Oct 06 2018 12:00AM
Updated: Mar 26 2019 05:00AM
Credit: Magnus Klaaborg Stubman
Vulnerable: Paloaltonetworks PAN-OS 8.1.6
Paloaltonetworks PAN-OS 8.1.5
Paloaltonetworks PAN-OS 8.1.4
Paloaltonetworks PAN-OS 8.1.3
Paloaltonetworks PAN-OS 8.1.2
Paloaltonetworks PAN-OS 8.1.1
Paloaltonetworks PAN-OS 8.1
Paloaltonetworks PAN-OS 8.0.15
Paloaltonetworks PAN-OS 8.0.14
Paloaltonetworks PAN-OS 8.0.13
Paloaltonetworks PAN-OS 8.0.12
Paloaltonetworks PAN-OS 8.0.9
Paloaltonetworks PAN-OS 8.0.8
Paloaltonetworks PAN-OS 8.0.2
Paloaltonetworks PAN-OS 8.0.1
Paloaltonetworks PAN-OS 7.1.22
Paloaltonetworks PAN-OS 7.1.21
Paloaltonetworks PAN-OS 7.1.20
Paloaltonetworks PAN-OS 7.1.19
Paloaltonetworks PAN-OS 7.1.16
Paloaltonetworks PAN-OS 7.1.12
Paloaltonetworks PAN-OS 7.1.11
Paloaltonetworks PAN-OS 7.1.9
Paloaltonetworks PAN-OS 7.1.5
Paloaltonetworks PAN-OS 7.1.4
Paloaltonetworks PAN-OS 7.1.3
Paloaltonetworks PAN-OS 7.1.2
Paloaltonetworks PAN-OS 7.1.1
Paloaltonetworks PAN-OS 7.1
Paloaltonetworks PAN-OS 8.0.7
Paloaltonetworks PAN-OS 8.0.6
Paloaltonetworks PAN-OS 8.0.5
Paloaltonetworks PAN-OS 8.0.4
Paloaltonetworks PAN-OS 8.0.3
Paloaltonetworks PAN-OS 8.0.11
Paloaltonetworks PAN-OS 8.0.10
Paloaltonetworks PAN-OS 7.1.8
Paloaltonetworks PAN-OS 7.1.7
Paloaltonetworks PAN-OS 7.1.6
Paloaltonetworks PAN-OS 7.1.18
Paloaltonetworks PAN-OS 7.1.17
Paloaltonetworks PAN-OS 7.1.14
Paloaltonetworks PAN-OS 7.1.13
Paloaltonetworks PAN-OS 7.1.10
Oracle Solaris 11.4
Net-SNMP Net-SNMP 5.7.3

Not Vulnerable: Paloaltonetworks PAN-OS 8.1.7
Paloaltonetworks PAN-OS 8.0.16
Paloaltonetworks PAN-OS 7.1.23
Net-SNMP Net-SNMP 5.8

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Bug 1637570 (CVE-2018-18065) - CVE-2018-18065 net-snmp: NULL pointer exception i (Red Hat Bugzilla)
CVE-2018-18065 (Red Hat Bugzilla)
net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) (Magnus Klaaborg Stubman)
Net-SNMP Homepage (Net-SNMP)
Net-SNMP unauthenticated remote Denial of Service (Dumpco)
A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS (Paloaltonetworks)
Oracle Solaris Third Party Bulletin - October 2018 (Oracle)

Source: www.securityfocus.com

Exploit Collector

Search Exploit