Executive Summary

Summary
Title: Net-SNMP vulnerability

Information
Name: USN-1450-1
First vendor publication: 2012-05-23
Vendor: Ubuntu
Last vendor modification: 2012-05-23
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Cvss Base Score: 3.5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 6.8
Authentication: Requires single instance

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Net-SNMP could be made to crash if it received specially crafted network traffic.

Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
libsnmp15 5.4.3~dfsg-2.4ubuntu1.1

Ubuntu 11.10:
libsnmp15 5.4.3~dfsg-2.2ubuntu1.1

Ubuntu 11.04:
libsnmp15 5.4.3~dfsg-2ubuntu1.1

Ubuntu 10.04 LTS:
libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.2

Ubuntu 8.04 LTS:
libsnmp15 5.4.1~dfsg-4ubuntu4.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1450-1
CVE-2012-2141

Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.1
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.2ubuntu1.1
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2ubuntu1.1
https://launchpad.net/ubuntu/+source/net-snmp/5.4.2.1~dfsg0ubuntu1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/net-snmp/5.4.1~dfsg-4ubuntu4.4

Original Source

Url : http://www.ubuntu.com/usn/USN-1450-1

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:17926
Title: USN-1450-1 -- net-snmp vulnerability
Description: Net-SNMP could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1450-1
CVE-2012-2141
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:20935
Title: RHSA-2013:0124: net-snmp security and bug fix update (Moderate)
Description: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Family: unix Class: patch
Reference(s): RHSA-2013:0124-00
CESA-2013:0124
CVE-2012-2141
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:21444
Title: RHSA-2012:0876: net-snmp security and bug fix update (Moderate)
Description: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Family: unix Class: patch
Reference(s): RHSA-2012:0876-04
CESA-2012:0876
CVE-2012-2141
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:23488
Title: ELSA-2013:0124: net-snmp security and bug fix update (Moderate)
Description: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Family: unix Class: patch
Reference(s): ELSA-2013:0124-00
CVE-2012-2141
Version: 6
Platform(s): Oracle Linux 5
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:23966
Title: ELSA-2012:0876: net-snmp security and bug fix update (Moderate)
Description: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Family: unix Class: patch
Reference(s): ELSA-2012:0876-04
CVE-2012-2141
Version: 6
Platform(s): Oracle Linux 6
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:27267
Title: DEPRECATED: ELSA-2012-0876 -- net-snmp security and bug fix update (moderate)
Description:
[1:5.5-41]
- moved /var/lib/net-snmp from net-snmp to net-snmp-libs package (#822480)
[1:5.5-40]
- fixed CVE-2012-2141 (#820100)
[1:5.5-39]
- fixed proxying of out-of-tree GETNEXT requests (#799291)
[1:5.5-38]
- fixed snmpd crashing with many AgentX subagent (#749227)
- fixed SNMPv2-MIB::sysObjectID value when sysObjectID config file option with long OID was used (#786931)
- fixed value of BRIDGE-MIB::dot1dBasePortIfIndex.1 (#740172)
- fixed parsing of proxy snmpd.conf option not to enable verbose logging by default (#746903)
- added new realStorageUnits config file option to support disks > 16 TB in hrStorageTable (#741789)
- added vxfs, reiserfs and ocfs2 filesystem support to hrStorageTable (#746903)
- fixed snmpd sigsegv when embedded perl script registers one handler twice (#748907)
- fixed setting of SNMP-TARGET-MIB::snmpTargetAddrRowStatus via SNMP-SET request on 64-bit platforms (#754275)
- fixed crash when /var/lib/net-snmp/mib_indexes/ files have wrong SELinux context (#754971)
- fixed memory leak when agentx subagent disconnects in the middle of request processing (#736580)
- fixed slow (re-)loads of TCP-MIB::tcpConnectionTable (#789909)
- removed 'error finding row index in _ifXTable_container_row_restore' error message (#788954)
Family: unix Class: patch
Reference(s): ELSA-2012-0876
CVE-2012-2141
Version: 4
Platform(s): Oracle Linux 6
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:27655
Title: DEPRECATED: ELSA-2013-0124 -- net-snmp security and bug fix update (moderate)
Description:
[5.3.2.2-20.0.1.el5]
- suppress spurious asserts on 32bit [Greg Marsden]
[5.3.2.2-20]
- fixed error message when the address specified by clientaddr option is wrong or cannot be bound (#840861)
Family: unix Class: patch
Reference(s): ELSA-2013-0124
CVE-2012-2141
Version: 4
Platform(s): Oracle Linux 5
Product(s): net-snmp

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2012-11-02 Name : Fedora Update for net-snmp FEDORA-2012-16659
File : nvt/gb_fedora_2012_16659_net-snmp_fc16.nasl
2012-11-02 Name : Fedora Update for net-snmp FEDORA-2012-16662
File : nvt/gb_fedora_2012_16662_net-snmp_fc17.nasl
2012-07-30 Name : CentOS Update for net-snmp CESA-2012:0876 centos6
File : nvt/gb_CESA-2012_0876_net-snmp_centos6.nasl
2012-06-22 Name : RedHat Update for net-snmp RHSA-2012:0876-04
File : nvt/gb_RHSA-2012_0876-04_net-snmp.nasl
2012-06-22 Name : Mandriva Update for net-snmp MDVSA-2012:099 (net-snmp)
File : nvt/gb_mandriva_MDVSA_2012_099.nasl
2012-05-25 Name : Ubuntu Update for net-snmp USN-1450-1
File : nvt/gb_ubuntu_USN_1450_1.nasl
2012-04-30 Name : FreeBSD Ports: net-snmp
File : nvt/freebsd_net-snmp3.nasl

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_net-snmp_20141216.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15883.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201409-02.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-299.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote device is affected by multiple vulnerabilities.
File : citrix_netscaler_adc_multiple.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-97.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0876.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0124.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-049.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libsnmp15-120709.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0124.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130108_net_snmp_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0124.nasl - Type : ACT_GATHER_INFO
2012-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-16662.nasl - Type : ACT_GATHER_INFO
2012-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-16659.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_net_snmp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_net-snmp-8153.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0876.nasl - Type : ACT_GATHER_INFO
2012-06-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-099.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0876.nasl - Type : ACT_GATHER_INFO
2012-05-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1450-1.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_5d85976a901111e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:00:07
  • Multiple Updates