Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0876)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123888

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2012-0876)

Summary: The remote host is missing an update for the 'net-snmp' package(s) announced via the ELSA-2012-0876 advisory.

Description: Summary:
The remote host is missing an update for the 'net-snmp' package(s) announced via the ELSA-2012-0876 advisory.

Vulnerability Insight:
[1:5.5-41]
- moved /var/lib/net-snmp from net-snmp to net-snmp-libs package
(#822480)

[1:5.5-40]
- fixed CVE-2012-2141 (#820100)

[1:5.5-39]
- fixed proxying of out-of-tree GETNEXT requests (#799291)

[1:5.5-38]
- fixed snmpd crashing with many AgentX subagent (#749227)
- fixed SNMPv2-MIB::sysObjectID value when sysObjectID config file
option with long OID was used (#786931)
- fixed value of BRIDGE-MIB::dot1dBasePortIfIndex.1 (#740172)
- fixed parsing of proxy snmpd.conf option not to enable
verbose logging by default (#746903)
- added new realStorageUnits config file option to support
disks > 16 TB in hrStorageTable (#741789)
- added vxfs, reiserfs and ocfs2 filesystem support to hrStorageTable
(#746903)
- fixed snmpd sigsegv when embedded perl script registers one handler
twice (#748907)
- fixed setting of SNMP-TARGET-MIB::snmpTargetAddrRowStatus via
SNMP-SET request on 64-bit platforms (#754275)
- fixed crash when /var/lib/net-snmp/mib_indexes/ files have wrong
SELinux context (#754971)
- fixed memory leak when agentx subagent disconnects in the middle
of request processing (#736580)
- fixed slow (re-)loads of TCP-MIB::tcpConnectionTable (#789909)
- removed 'error finding row index in _ifXTable_container_row_restore'
error message (#788954)

Affected Software/OS:
'net-snmp' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2141
1026984
http://www.securitytracker.com/id?1026984
48938
http://secunia.com/advisories/48938
53255
http://www.securityfocus.com/bid/53255
53258
http://www.securityfocus.com/bid/53258
59974
http://secunia.com/advisories/59974
GLSA-201409-02
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
RHSA-2013:0124
http://rhn.redhat.com/errata/RHSA-2013-0124.html
[oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
http://www.openwall.com/lists/oss-security/2012/04/26/2
[oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
http://www.openwall.com/lists/oss-security/2012/04/26/3
http://support.citrix.com/article/CTX139049
https://bugzilla.redhat.com/show_bug.cgi?id=815813
netsnmp-snmpget-dos(75169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75169

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123888
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0876)
Summary:	The remote host is missing an update for the 'net-snmp' package(s) announced via the ELSA-2012-0876 advisory.
Description:	Summary: The remote host is missing an update for the 'net-snmp' package(s) announced via the ELSA-2012-0876 advisory. Vulnerability Insight: [1:5.5-41] - moved /var/lib/net-snmp from net-snmp to net-snmp-libs package (#822480) [1:5.5-40] - fixed CVE-2012-2141 (#820100) [1:5.5-39] - fixed proxying of out-of-tree GETNEXT requests (#799291) [1:5.5-38] - fixed snmpd crashing with many AgentX subagent (#749227) - fixed SNMPv2-MIB::sysObjectID value when sysObjectID config file option with long OID was used (#786931) - fixed value of BRIDGE-MIB::dot1dBasePortIfIndex.1 (#740172) - fixed parsing of proxy snmpd.conf option not to enable verbose logging by default (#746903) - added new realStorageUnits config file option to support disks > 16 TB in hrStorageTable (#741789) - added vxfs, reiserfs and ocfs2 filesystem support to hrStorageTable (#746903) - fixed snmpd sigsegv when embedded perl script registers one handler twice (#748907) - fixed setting of SNMP-TARGET-MIB::snmpTargetAddrRowStatus via SNMP-SET request on 64-bit platforms (#754275) - fixed crash when /var/lib/net-snmp/mib_indexes/ files have wrong SELinux context (#754971) - fixed memory leak when agentx subagent disconnects in the middle of request processing (#736580) - fixed slow (re-)loads of TCP-MIB::tcpConnectionTable (#789909) - removed 'error finding row index in _ifXTable_container_row_restore' error message (#788954) Affected Software/OS: 'net-snmp' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2141 1026984 http://www.securitytracker.com/id?1026984 48938 http://secunia.com/advisories/48938 53255 http://www.securityfocus.com/bid/53255 53258 http://www.securityfocus.com/bid/53258 59974 http://secunia.com/advisories/59974 GLSA-201409-02 http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml RHSA-2013:0124 http://rhn.redhat.com/errata/RHSA-2013-0124.html [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) http://www.openwall.com/lists/oss-security/2012/04/26/2 [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) http://www.openwall.com/lists/oss-security/2012/04/26/3 http://support.citrix.com/article/CTX139049 https://bugzilla.redhat.com/show_bug.cgi?id=815813 netsnmp-snmpget-dos(75169) https://exchange.xforce.ibmcloud.com/vulnerabilities/75169
Copyright	Copyright (C) 2015 Greenbone AG