Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870877
Category:Red Hat Local Security Checks
Title:RedHat Update for net-snmp RHSA-2013:0124-01
Summary:The remote host is missing an update for the 'net-snmp'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'net-snmp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide various libraries and tools for the Simple Network
Management Protocol (SNMP).

An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote
attacker with read privileges to a Management Information Base (MIB)
subtree handled by the extend directive (/etc/snmp/snmpd.conf)
could use this flaw to crash snmpd via a crafted SNMP GET request.
(CVE-2012-2141)

Bug fixes:

* Devices that used certain file systems were not reported in the
'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon
did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File
System (OCFS2) file systems. This update recognizes these devices and
reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table.
(BZ#754652, BZ#755958, BZ#822061)

* The snmptrapd (8) man page did not correctly describe how to load
multiple configuration files using the '-c' option. This update describes
correctly that multiple configuration files must be separated by a comma.
(BZ#760001)

* Integers truncated from 64 to 32-bit were not correctly evaluated. As a
consequence, the snmpd daemon could enter an endless loop when encoding the
truncated integers to network format. This update modifies the underlying
code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd
avoids an endless loop. (BZ#783892)

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
net-snmp on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2141
BugTraq ID: 53255
http://www.securityfocus.com/bid/53255
BugTraq ID: 53258
http://www.securityfocus.com/bid/53258
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
https://bugzilla.redhat.com/show_bug.cgi?id=815813
http://www.openwall.com/lists/oss-security/2012/04/26/2
http://www.openwall.com/lists/oss-security/2012/04/26/3
RedHat Security Advisories: RHSA-2013:0124
http://rhn.redhat.com/errata/RHSA-2013-0124.html
http://www.securitytracker.com/id?1026984
http://secunia.com/advisories/48938
http://secunia.com/advisories/59974
XForce ISS Database: netsnmp-snmpget-dos(75169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75169
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.