|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for net-snmp RHSA-2013:0124-01|
|Summary:||The remote host is missing an update for the 'net-snmp'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'net-snmp'
package(s) announced via the referenced advisory.
These packages provide various libraries and tools for the Simple Network
Management Protocol (SNMP).
An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote
attacker with read privileges to a Management Information Base (MIB)
subtree handled by the extend directive (/etc/snmp/snmpd.conf)
could use this flaw to crash snmpd via a crafted SNMP GET request.
* Devices that used certain file systems were not reported in the
'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon
did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File
System (OCFS2) file systems. This update recognizes these devices and
reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table.
(BZ#754652, BZ#755958, BZ#822061)
* The snmptrapd (8) man page did not correctly describe how to load
multiple configuration files using the '-c' option. This update describes
correctly that multiple configuration files must be separated by a comma.
* Integers truncated from 64 to 32-bit were not correctly evaluated. As a
consequence, the snmpd daemon could enter an endless loop when encoding the
truncated integers to network format. This update modifies the underlying
code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd
avoids an endless loop. (BZ#783892)
Description truncated, please see the referenced URL(s) for more information.
net-snmp on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-2141|
BugTraq ID: 53255
BugTraq ID: 53258
RedHat Security Advisories: RHSA-2013:0124
XForce ISS Database: netsnmp-snmpget-dos(75169)
|Copyright||Copyright (c) 2013 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.