Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-316)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120355

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-316)

Resumen: The remote host is missing an update for the 'net-snmp' package(s) announced via the ALAS-2014-316 advisory.

Descripción: Summary:
The remote host is missing an update for the 'net-snmp' package(s) announced via the ALAS-2014-316 advisory.

Vulnerability Insight:
A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)

Affected Software/OS:
'net-snmp' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-6151
55804
http://secunia.com/advisories/55804
57870
http://secunia.com/advisories/57870
59974
http://secunia.com/advisories/59974
64048
http://www.securityfocus.com/bid/64048
APPLE-SA-2015-10-21-4
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
GLSA-201409-02
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
RHSA-2014:0322
https://rhn.redhat.com/errata/RHSA-2014-0322.html
USN-2166-1
http://www.ubuntu.com/usn/USN-2166-1
[oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out
http://seclists.org/oss-sec/2013/q4/398
[oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out
http://seclists.org/oss-sec/2013/q4/415
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://sourceforge.net/p/net-snmp/bugs/2411/
https://bugzilla.redhat.com/show_bug.cgi?id=1038007
https://support.apple.com/HT205375
netsnmp-cve20126151-dos(89485)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
Common Vulnerability Exposure (CVE) ID: CVE-2014-2284
http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
http://comments.gmane.org/gmane.comp.security.oss.general/12284
RedHat Security Advisories: RHSA-2014:0321
http://rhn.redhat.com/errata/RHSA-2014-0321.html
http://secunia.com/advisories/57124
http://secunia.com/advisories/57526
http://secunia.com/advisories/57583
SuSE Security Announcement: openSUSE-SU-2014:0398 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html
SuSE Security Announcement: openSUSE-SU-2014:0399 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120355
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-316)
Resumen:	The remote host is missing an update for the 'net-snmp' package(s) announced via the ALAS-2014-316 advisory.
Descripción:	Summary: The remote host is missing an update for the 'net-snmp' package(s) announced via the ALAS-2014-316 advisory. Vulnerability Insight: A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284) Affected Software/OS: 'net-snmp' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6151 55804 http://secunia.com/advisories/55804 57870 http://secunia.com/advisories/57870 59974 http://secunia.com/advisories/59974 64048 http://www.securityfocus.com/bid/64048 APPLE-SA-2015-10-21-4 http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html GLSA-201409-02 http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml RHSA-2014:0322 https://rhn.redhat.com/errata/RHSA-2014-0322.html USN-2166-1 http://www.ubuntu.com/usn/USN-2166-1 [oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out http://seclists.org/oss-sec/2013/q4/398 [oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out http://seclists.org/oss-sec/2013/q4/415 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://sourceforge.net/p/net-snmp/bugs/2411/ https://bugzilla.redhat.com/show_bug.cgi?id=1038007 https://support.apple.com/HT205375 netsnmp-cve20126151-dos(89485) https://exchange.xforce.ibmcloud.com/vulnerabilities/89485 Common Vulnerability Exposure (CVE) ID: CVE-2014-2284 http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/ http://comments.gmane.org/gmane.comp.security.oss.general/12284 RedHat Security Advisories: RHSA-2014:0321 http://rhn.redhat.com/errata/RHSA-2014-0321.html http://secunia.com/advisories/57124 http://secunia.com/advisories/57526 http://secunia.com/advisories/57583 SuSE Security Announcement: openSUSE-SU-2014:0398 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html SuSE Security Announcement: openSUSE-SU-2014:0399 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html
Copyright	Copyright (C) 2015 Greenbone AG