Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2015:1636
HistoryAug 17, 2015 - 4:22 p.m.

net security update

2015-08-1716:22:33
CentOS Project
lists.centos.org
44

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.823 High

EPSS

Percentile

98.4%

JSON

CentOS Errata and Security Advisory CESA-2015:1636

The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

It was discovered that the snmp_pdu_parse() function could leave
incompletely parsed varBind variables in the list of variables. A remote,
unauthenticated attacker could use this flaw to crash snmpd or,
potentially, execute arbitrary code on the system with the privileges of
the user running snmpd. (CVE-2015-5621)

Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for
reporting this issue.

All net-snmp users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-August/083497.html
https://lists.centos.org/pipermail/centos-announce/2015-August/083500.html

Affected packages:
net-snmp
net-snmp-agent-libs
net-snmp-devel
net-snmp-gui
net-snmp-libs
net-snmp-perl
net-snmp-python
net-snmp-sysvinit
net-snmp-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1636

OSVersionArchitecturePackageVersionFilename
CentOS6i686net-snmp< 5.5-54.el6_7.1net-snmp-5.5-54.el6_7.1.i686.rpm
CentOS6i686net-snmp-devel< 5.5-54.el6_7.1net-snmp-devel-5.5-54.el6_7.1.i686.rpm
CentOS6i686net-snmp-libs< 5.5-54.el6_7.1net-snmp-libs-5.5-54.el6_7.1.i686.rpm
CentOS6i686net-snmp-perl< 5.5-54.el6_7.1net-snmp-perl-5.5-54.el6_7.1.i686.rpm
CentOS6i686net-snmp-python< 5.5-54.el6_7.1net-snmp-python-5.5-54.el6_7.1.i686.rpm
CentOS6i686net-snmp-utils< 5.5-54.el6_7.1net-snmp-utils-5.5-54.el6_7.1.i686.rpm
CentOS6x86_64net-snmp< 5.5-54.el6_7.1net-snmp-5.5-54.el6_7.1.x86_64.rpm
CentOS6i686net-snmp-devel< 5.5-54.el6_7.1net-snmp-devel-5.5-54.el6_7.1.i686.rpm
CentOS6x86_64net-snmp-devel< 5.5-54.el6_7.1net-snmp-devel-5.5-54.el6_7.1.x86_64.rpm
CentOS6i686net-snmp-libs< 5.5-54.el6_7.1net-snmp-libs-5.5-54.el6_7.1.i686.rpm
Rows per page:
1-10 of 261

Related

nessus 22
debian 3
openvas 15
ubuntucve 3
osv 3
veracode 2
redhat 1
ibm 13
f5 2
freebsd 1
securityvulns 2
prion 2
debiancve 2
cve 2
amazon 1
oraclelinux 1
fedora 3
redhatcve 1
mageia 1
checkpoint_advisories 1
cloudfoundry 1
ics 1
ubuntu 1
archlinux 1
rosalinux 1
photon 4
nessus
nessus
Oracle Linux 6 / 7 : net-snmp (ELSA-2015-1636)
2015-08-18 00:00:00
CentOS 6 / 7 : net-snmp (CESA-2015:1636)
2015-08-18 00:00:00
RHEL 6 / 7 : net-snmp (RHSA-2015:1636)
2015-08-18 00:00:00
debian
debian
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
[SECURITY] [DLA 1317-1] net-snmp security update
2018-03-26 14:50:59
openvas
openvas
Debian: Security Advisory (DLA-1317-1)
2018-03-26 00:00:00
Debian: Security Advisory (DSA-4154-1)
2018-03-27 00:00:00
Huawei EulerOS: Security Advisory for net-snmp (EulerOS-SA-2019-1436)
2020-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2018-1000116
2018-03-07 00:00:00
CVE-2015-5621
2015-07-31 00:00:00
CVE-2018-18066
2018-10-08 00:00:00
osv
osv
net-snmp - security update
2018-03-28 00:00:00
net-snmp - security update
2018-03-26 00:00:00
CVE-2018-1000116
2018-03-07 14:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:17:56
Denial Of Service (DoS)
2019-01-15 09:07:07
redhat
redhat
(RHSA-2015:1636) Moderate: net-snmp security update
2015-08-17 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-5621)
2018-06-17 15:37:48
Security Bulletin: Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621)
2018-06-18 01:29:25
Security Bulletin: A security vulnerability with net-snmp affects IBM Flex System Manager (CVE-2015-5621)
2018-06-18 01:29:34
f5
f5
K17378 : SNMP vulnerability CVE-2015-5621
2015-10-08 00:00:00
SOL17378 - SNMP vulnerability CVE-2015-5621
2015-10-07 00:00:00
freebsd
freebsd
net-snmp -- snmp_pdu_parse() function incomplete initialization
2015-04-11 00:00:00
securityvulns
securityvulns
Net-SNMP memory corruption
2015-08-24 00:00:00
[USN-2711-1] Net-SNMP vulnerabilities
2015-08-24 00:00:00
prion
prion
Design/Logic Flaw
2015-08-19 15:59:00
Heap overflow
2018-03-07 14:29:00
debiancve
debiancve
CVE-2015-5621
2015-08-19 15:59:00
CVE-2018-1000116
2018-03-07 14:29:00
cve
cve
CVE-2015-5621
2015-08-19 15:59:00
CVE-2018-1000116
2018-03-07 14:29:00
amazon
amazon
Medium: net-snmp
2015-09-02 12:00:00
oraclelinux
oraclelinux
net-snmp security update
2015-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: net-snmp-5.7.3-27.fc26
2018-03-20 17:38:12
[SECURITY] Fedora 28 Update: net-snmp-5.7.3-36.fc28
2018-03-30 13:29:38
[SECURITY] Fedora 27 Update: net-snmp-5.7.3-27.fc27
2018-03-13 23:26:18
redhatcve
redhatcve
CVE-2018-1000116
2018-03-07 20:48:49
mageia
mageia
Updated net-snmp packages fix CVE-2018-1000116
2018-03-30 00:00:32
checkpoint_advisories
checkpoint_advisories
NET-SNMP Memory Corruption (CVE-2018-1000116)
2021-11-28 00:00:00
cloudfoundry
cloudfoundry
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
2015-10-07 00:00:00
ics
ics
Siemens Industrial Products SNMP (Update F)
2022-04-14 12:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2015-08-17 00:00:00
archlinux
archlinux
[ASA-201810-11] net-snmp: multiple issues
2018-10-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1929
2021-07-02 17:32:57
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0037
2018-04-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0126
2018-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2018-0126
2018-04-24 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.823 High

EPSS

Percentile

98.4%

JSON
Related for CESA-2015:1636
nessus22debian3openvas15ubuntucve3osv3veracode2redhat1ibm13f52freebsd1securityvulns2prion2debiancve2cve2amazon1oraclelinux1fedora3redhatcve1mageia1checkpoint_advisories1cloudfoundry1ics1ubuntu1archlinux1rosalinux1photon4