Mandrake Local Security Checks : Mandriva Update for net-snmp MDVSA-2012:099 (net-snmp)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831687

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for net-snmp MDVSA-2012:099 (net-snmp)

Resumen: The remote host is missing an update for the 'net-snmp'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'net-snmp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been discovered and corrected in net-snmp:

An array index error, leading to out-of heap-based buffer read flaw
was found in the way net-snmp agent performed entries lookup in the
extension table. When certain MIB subtree was handled by the extend
directive, a remote attacker having read privilege to the subtree could
use this flaw to cause a denial of service (snmpd crash) via SNMP GET
request involving a non-existent extension table entry (CVE-2012-2141).

The updated packages have been patched to correct this issue.

Affected Software/OS:
net-snmp on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2,
Mandriva Linux 2010.1

Solution:
Please Install the Updated Packages.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2141
1026984
http://www.securitytracker.com/id?1026984
48938
http://secunia.com/advisories/48938
53255
http://www.securityfocus.com/bid/53255
53258
http://www.securityfocus.com/bid/53258
59974
http://secunia.com/advisories/59974
GLSA-201409-02
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
RHSA-2013:0124
http://rhn.redhat.com/errata/RHSA-2013-0124.html
[oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
http://www.openwall.com/lists/oss-security/2012/04/26/2
[oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
http://www.openwall.com/lists/oss-security/2012/04/26/3
http://support.citrix.com/article/CTX139049
https://bugzilla.redhat.com/show_bug.cgi?id=815813
netsnmp-snmpget-dos(75169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75169

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831687
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for net-snmp MDVSA-2012:099 (net-snmp)
Resumen:	The remote host is missing an update for the 'net-snmp'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'net-snmp' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been discovered and corrected in net-snmp: An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry (CVE-2012-2141). The updated packages have been patched to correct this issue. Affected Software/OS: net-snmp on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2141 1026984 http://www.securitytracker.com/id?1026984 48938 http://secunia.com/advisories/48938 53255 http://www.securityfocus.com/bid/53255 53258 http://www.securityfocus.com/bid/53258 59974 http://secunia.com/advisories/59974 GLSA-201409-02 http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml RHSA-2013:0124 http://rhn.redhat.com/errata/RHSA-2013-0124.html [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) http://www.openwall.com/lists/oss-security/2012/04/26/2 [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) http://www.openwall.com/lists/oss-security/2012/04/26/3 http://support.citrix.com/article/CTX139049 https://bugzilla.redhat.com/show_bug.cgi?id=815813 netsnmp-snmpget-dos(75169) https://exchange.xforce.ibmcloud.com/vulnerabilities/75169
Copyright	Copyright (C) 2012 Greenbone AG