## Summary
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP).One security vulnerability has been discovered in net-snmp used with IBM Security Network Intrusion Prevention System.
## Vulnerability Details
**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)**
DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
## Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
## Remediation/Fixes
_Product_
| _VRMF_| _Remediation/First Fix_
---|---|---
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0010_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0014_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6| [_4.6.0.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.5| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0014_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.4| [_4.4.0.0-ISS-ProvG-AllModels-System-FP0014_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
##
{"openvas": [{"lastseen": "2020-03-17T22:59:05", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120090", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120090\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:11 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-590)\");\n script_tag(name:\"insight\", value:\"It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621 )\");\n script_tag(name:\"solution\", value:\"Run yum update net-snmp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-590.html\");\n script_cve_id(\"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~54.1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "openvas", "title": "RedHat Update for net-snmp RHSA-2015:1636-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for net-snmp RHSA-2015:1636-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871429\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:48:55 +0200 (Tue, 18 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for net-snmp RHSA-2015:1636-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A remote,\nunauthenticated attacker could use this flaw to crash snmpd or,\npotentially, execute arbitrary code on the system with the privileges of\nthe user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for\nreporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"net-snmp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1636-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-agent-libs\", rpm:\"net-snmp-agent-libs~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.7.2~20.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~54.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:04", "description": "Check the version of net-snmp", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "openvas", "title": "CentOS Update for net-snmp CESA-2015:1636 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for net-snmp CESA-2015:1636 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882246\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:49:39 +0200 (Tue, 18 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for net-snmp CESA-2015:1636 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of net-snmp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A remote,\nunauthenticated attacker could use this flaw to crash snmpd or,\npotentially, execute arbitrary code on the system with the privileges of\nthe user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for\nreporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"net-snmp on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1636\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021335.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~54.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:47", "description": "Oracle Linux Local Security Checks ELSA-2015-1636", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123026", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1636.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123026\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:48 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1636\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1636 - net-snmp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1636\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1636.html\");\n script_cve_id(\"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-agent-libs\", rpm:\"net-snmp-agent-libs~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-gui\", rpm:\"net-snmp-gui~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-sysvinit\", rpm:\"net-snmp-sysvinit~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.7.2~20.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~54.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:06", "description": "Check the version of net-snmp", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "openvas", "title": "CentOS Update for net-snmp CESA-2015:1636 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for net-snmp CESA-2015:1636 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882249\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:49:49 +0200 (Tue, 18 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for net-snmp CESA-2015:1636 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of net-snmp\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A remote,\nunauthenticated attacker could use this flaw to crash snmpd or,\npotentially, execute arbitrary code on the system with the privileges of\nthe user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for\nreporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"net-snmp on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1636\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021338.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-agent-libs\", rpm:\"net-snmp-agent-libs~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-gui\", rpm:\"net-snmp-gui~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-sysvinit\", rpm:\"net-snmp-sysvinit~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.7.2~20.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for net-snmp USN-2711-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2014-3565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for net-snmp USN-2711-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842415\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-18 06:51:06 +0200 (Tue, 18 Aug 2015)\");\n script_cve_id(\"CVE-2014-3565\", \"CVE-2015-5621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for net-snmp USN-2711-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Net-SNMP incorrectly\nhandled certain trap messages when the -OQ option was used. A remote attacker\ncould use this issue to cause Net-SNMP to crash, resulting in a denial of service.\n(CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing\nfailures. A remote attacker could use this issue to cause Net-SNMP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-5621)\");\n script_tag(name:\"affected\", value:\"net-snmp on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2711-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2711-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsnmp30:amd64\", ver:\"5.7.2~dfsg-8.1ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libsnmp30:i386\", ver:\"5.7.2~dfsg-8.1ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsnmp15\", ver:\"5.4.3~dfsg-2.4ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:23", "description": "A heap corruption vulnerability was discovered in net-snmp, a suite of\nSimple Network Management Protocol applications, triggered when parsing\nthe PDU prior to the authentication process. A remote, unauthenticated\nattacker can take advantage of this flaw to crash the snmpd process\n(causing a denial of service) or, potentially, execute arbitrary code\nwith the privileges of the user running snmpd.", "cvss3": {}, "published": "2018-03-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4154-1 (net-snmp - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4154-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704154\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\");\n script_name(\"Debian Security Advisory DSA 4154-1 (net-snmp - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-28 00:00:00 +0200 (Wed, 28 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4154.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"net-snmp on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.7.2.1+dfsg-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nbefore the initial release.\n\nWe recommend that you upgrade your net-snmp packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/net-snmp\");\n script_tag(name:\"summary\", value:\"A heap corruption vulnerability was discovered in net-snmp, a suite of\nSimple Network Management Protocol applications, triggered when parsing\nthe PDU prior to the authentication process. A remote, unauthenticated\nattacker can take advantage of this flaw to crash the snmpd process\n(causing a denial of service) or, potentially, execute arbitrary code\nwith the privileges of the user running snmpd.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libsnmp-base\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsnmp-dev\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsnmp-perl\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsnmp30\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsnmp30-dbg\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-netsnmp\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"snmp\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"snmpd\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"snmptrapd\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tkmib\", ver:\"5.7.2.1+dfsg-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:41:21", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for net-snmp (EulerOS-SA-2019-1436)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116", "CVE-2018-18066"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191436", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1436\");\n script_version(\"2020-01-23T11:46:37+0000\");\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\", \"CVE-2018-18066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:46:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:46:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for net-snmp (EulerOS-SA-2019-1436)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1436\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1436\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'net-snmp' package(s) announced via the EulerOS-SA-2019-1436 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116)\n\nsnmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2018-18066)\n\nIt was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2015-5621)\");\n\n script_tag(name:\"affected\", value:\"'net-snmp' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~33.2.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-agent-libs\", rpm:\"net-snmp-agent-libs~5.7.2~33.2.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.7.2~33.2.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.7.2~33.2.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:15:24", "description": "Qinghao Tang reports :\n\nIncompletely initialized vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets.", "cvss3": {}, "published": "2015-08-03T00:00:00", "type": "nessus", "title": "FreeBSD : net-snmp -- snmp_pdu_parse() function incomplete initialization (381183e8-3798-11e5-9970-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:net-snmp", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_381183E8379811E5997014DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/85172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85172);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"FreeBSD : net-snmp -- snmp_pdu_parse() function incomplete initialization (381183e8-3798-11e5-9970-14dae9d210b8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qinghao Tang reports :\n\nIncompletely initialized vulnerability exists in the function\n'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can\ncause memory leak, DOS and possible command executions by sending\nmalicious packets.\"\n );\n # http://seclists.org/oss-sec/2015/q2/116\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q2/116\"\n );\n # http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6185bbeb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212408\"\n );\n # https://vuxml.freebsd.org/freebsd/381183e8-3798-11e5-9970-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2be07693\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"net-snmp<=5.7.3_7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:23", "description": "The following issues have been fixed within this update :\n\n - fix btrfs output inside HOST-RESOURCES-MIB::hrStorageDescr. (bsc#909479)\n\n - fix an incompletely initialized vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bsc#940188, CVE-2015-5621)\n\n - add build requirement 'procps' to fix a net-snmp-config error (bsc#935863)\n\n - --disable-md5 to allow operation in FIPS mode and not use the old algorithm (bsc#935876 bsc#940084)\n\n - also stop snmptrapd on removal\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-09-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : net-snmp (SUSE-SU-2015:1556-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsnmp30", "p-cpe:/a:novell:suse_linux:libsnmp30-debuginfo", "p-cpe:/a:novell:suse_linux:net-snmp", "p-cpe:/a:novell:suse_linux:net-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:net-snmp-debugsource", "p-cpe:/a:novell:suse_linux:perl-snmp", "p-cpe:/a:novell:suse_linux:perl-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:snmp-mibs", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1556-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1556-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85942);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : net-snmp (SUSE-SU-2015:1556-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed within this update :\n\n - fix btrfs output inside\n HOST-RESOURCES-MIB::hrStorageDescr. (bsc#909479)\n\n - fix an incompletely initialized vulnerability within the\n snmp_pdu_parse() function of snmp_api.c. (bsc#940188,\n CVE-2015-5621)\n\n - add build requirement 'procps' to fix a net-snmp-config\n error (bsc#935863)\n\n - --disable-md5 to allow operation in FIPS mode and not\n use the old algorithm (bsc#935876 bsc#940084)\n\n - also stop snmptrapd on removal\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5621/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151556-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec403c73\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-537=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-537=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-537=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsnmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsnmp30-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:net-snmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-SNMP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-SNMP-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsnmp30-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsnmp30-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"net-snmp-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"net-snmp-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"net-snmp-debugsource-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"perl-SNMP-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"perl-SNMP-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"snmp-mibs-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsnmp30-32bit-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsnmp30-debuginfo-32bit-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsnmp30-32bit-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsnmp30-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-32bit-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"net-snmp-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"net-snmp-debugsource-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"perl-SNMP-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"perl-SNMP-debuginfo-5.7.2.1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"snmp-mibs-5.7.2.1-4.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:36", "description": "net-snmp was updated to fix one secuirty vulnerability and 2 bugs.\n\n - Fix an incompletely initialized vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)\n\n - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)\n\n - Stop snmptrapd on removal.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : net-snmp (openSUSE-2015-568)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsnmp30", "p-cpe:/a:novell:opensuse:libsnmp30-32bit", "p-cpe:/a:novell:opensuse:libsnmp30-debuginfo", "p-cpe:/a:novell:opensuse:libsnmp30-debuginfo-32bit", "p-cpe:/a:novell:opensuse:net-snmp", "p-cpe:/a:novell:opensuse:net-snmp-debuginfo", "p-cpe:/a:novell:opensuse:net-snmp-debugsource", "p-cpe:/a:novell:opensuse:net-snmp-devel", "p-cpe:/a:novell:opensuse:net-snmp-devel-32bit", "p-cpe:/a:novell:opensuse:net-snmp-python", "p-cpe:/a:novell:opensuse:net-snmp-python-debuginfo", "p-cpe:/a:novell:opensuse:perl-snmp", "p-cpe:/a:novell:opensuse:perl-snmp-debuginfo", "p-cpe:/a:novell:opensuse:snmp-mibs", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-568.NASL", "href": "https://www.tenable.com/plugins/nessus/85837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-568.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85837);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"openSUSE Security Update : net-snmp (openSUSE-2015-568)\");\n script_summary(english:\"Check for the openSUSE-2015-568 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"net-snmp was updated to fix one secuirty vulnerability and 2 bugs.\n\n - Fix an incompletely initialized vulnerability within the\n snmp_pdu_parse() function of snmp_api.c. (bnc#940188,\n CVE-2015-5621)\n\n - Add build requirement 'procps' to fix a net-snmp-config\n error. (bsc#935863)\n\n - Stop snmptrapd on removal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=940188\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-SNMP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-SNMP-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsnmp30-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsnmp30-debuginfo-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-debuginfo-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-debugsource-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-devel-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-python-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-python-debuginfo-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-SNMP-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-SNMP-debuginfo-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"snmp-mibs-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsnmp30-32bit-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-32bit-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"net-snmp-devel-32bit-5.7.2-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsnmp30-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsnmp30-debuginfo-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-debuginfo-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-debugsource-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-devel-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-python-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"net-snmp-python-debuginfo-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-SNMP-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-SNMP-debuginfo-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"snmp-mibs-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsnmp30-32bit-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-32bit-5.7.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"net-snmp-devel-32bit-5.7.3-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsnmp30-32bit / libsnmp30 / libsnmp30-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:20", "description": "It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : net-snmp on SL6.x, SL7.x i386/x86_64 (20150817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:net-snmp", "p-cpe:/a:fermilab:scientific_linux:net-snmp-agent-libs", "p-cpe:/a:fermilab:scientific_linux:net-snmp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:net-snmp-devel", "p-cpe:/a:fermilab:scientific_linux:net-snmp-gui", "p-cpe:/a:fermilab:scientific_linux:net-snmp-libs", "p-cpe:/a:fermilab:scientific_linux:net-snmp-perl", "p-cpe:/a:fermilab:scientific_linux:net-snmp-python", "p-cpe:/a:fermilab:scientific_linux:net-snmp-sysvinit", "p-cpe:/a:fermilab:scientific_linux:net-snmp-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150817_NET_SNMP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85500", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85500);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"Scientific Linux Security Update : net-snmp on SL6.x, SL7.x i386/x86_64 (20150817)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A\nremote, unauthenticated attacker could use this flaw to crash snmpd\nor, potentially, execute arbitrary code on the system with the\nprivileges of the user running snmpd. (CVE-2015-5621)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=17292\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bda5e34\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-agent-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-debuginfo-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-devel-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-libs-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-perl-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-python-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-utils-5.5-54.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-agent-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-debuginfo-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-devel-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-gui-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-python-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-sysvinit-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.7.2-20.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-agent-libs / net-snmp-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:07", "description": "net-snmp was updated to fix one security vulnerability and several bugs.\n\n - fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)\n\n - Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)\n\n - add support for /dev/shm in snmp hostmib (bnc#853382, FATE#316893).\n\n - stop snmptrapd on package removal.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-09-11T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : net-snmp (SUSE-SU-2015:1524-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsnmp15", "p-cpe:/a:novell:suse_linux:net-snmp", "p-cpe:/a:novell:suse_linux:perl-snmp", "p-cpe:/a:novell:suse_linux:snmp-mibs", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1524-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85903", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1524-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85903);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : net-snmp (SUSE-SU-2015:1524-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"net-snmp was updated to fix one security vulnerability and several\nbugs.\n\n - fix a vulnerability within the snmp_pdu_parse() function\n of snmp_api.c. (bnc#940188, CVE-2015-5621)\n\n - Add build requirement 'procps' to fix a net-snmp-config\n error. (bsc#935863)\n\n - add support for /dev/shm in snmp hostmib (bnc#853382,\n FATE#316893).\n\n - stop snmptrapd on package removal.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=853382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5621/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151524-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58b30e85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-net-snmp-12079=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-net-snmp-12079=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-net-snmp-12079=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-net-snmp-12079=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-net-snmp-12079=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-net-snmp-12079=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-net-snmp-12079=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-net-snmp-12079=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-net-snmp-12079=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsnmp15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-SNMP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsnmp15-32bit-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libsnmp15-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"net-snmp-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"perl-SNMP-5.4.2.1-8.12.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"snmp-mibs-5.4.2.1-8.12.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:43", "description": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. (CVE-2015-5621)", "cvss3": {}, "published": "2016-01-14T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : SNMP vulnerability (K17378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2019-04-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL17378.NASL", "href": "https://www.tenable.com/plugins/nessus/87902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17378.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87902);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-5621\");\n\n script_name(english:\"F5 Networks BIG-IP : SNMP vulnerability (K17378)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and\nearlier does not remove the varBind variable in a\nnetsnmp_variable_list item when parsing of the SNMP PDU fails, which\nallows remote attackers to cause a denial of service (crash) and\npossibly execute arbitrary code via a crafted packet. (CVE-2015-5621)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17378\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17378.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17378\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.2.1HF16\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF1\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF10\",\"11.2.1HF16\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.1.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF16\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.1.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF16\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:19", "description": "It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : net-snmp (ALAS-2015-590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:net-snmp", "p-cpe:/a:amazon:linux:net-snmp-debuginfo", "p-cpe:/a:amazon:linux:net-snmp-devel", "p-cpe:/a:amazon:linux:net-snmp-libs", "p-cpe:/a:amazon:linux:net-snmp-perl", "p-cpe:/a:amazon:linux:net-snmp-python", "p-cpe:/a:amazon:linux:net-snmp-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-590.NASL", "href": "https://www.tenable.com/plugins/nessus/85748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-590.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85748);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5621\");\n script_xref(name:\"ALAS\", value:\"2015-590\");\n script_xref(name:\"RHSA\", value:\"2015:1636\");\n\n script_name(english:\"Amazon Linux AMI : net-snmp (ALAS-2015-590)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A\nremote, unauthenticated attacker could use this flaw to crash snmpd\nor, potentially, execute arbitrary code on the system with the\nprivileges of the user running snmpd. (CVE-2015-5621)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-590.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update net-snmp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-debuginfo-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-devel-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-libs-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-perl-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-python-5.5-54.1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-utils-5.5-54.1.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-debuginfo / net-snmp-devel / net-snmp-libs / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:54", "description": "It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5621).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : net-snmp vulnerabilities (USN-2711-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsnmp15", "p-cpe:/a:canonical:ubuntu_linux:libsnmp30", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2711-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2711-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85506);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3565\", \"CVE-2015-5621\");\n script_xref(name:\"USN\", value:\"2711-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : net-snmp vulnerabilities (USN-2711-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Net-SNMP incorrectly handled certain trap\nmessages when the -OQ option was used. A remote attacker could use\nthis issue to cause Net-SNMP to crash, resulting in a denial of\nservice. (CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU\nparsing failures. A remote attacker could use this issue to cause\nNet-SNMP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-5621).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2711-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsnmp15 and / or libsnmp30 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsnmp15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsnmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libsnmp15\", pkgver:\"5.4.3~dfsg-2.4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libsnmp30\", pkgver:\"5.7.2~dfsg-8.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libsnmp30\", pkgver:\"5.7.2~dfsg-8.1ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsnmp15 / libsnmp30\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:43", "description": "From Red Hat Security Advisory 2015:1636 :\n\nUpdated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : net-snmp (ELSA-2015-1636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:net-snmp", "p-cpe:/a:oracle:linux:net-snmp-agent-libs", "p-cpe:/a:oracle:linux:net-snmp-devel", "p-cpe:/a:oracle:linux:net-snmp-gui", "p-cpe:/a:oracle:linux:net-snmp-libs", "p-cpe:/a:oracle:linux:net-snmp-perl", "p-cpe:/a:oracle:linux:net-snmp-python", "p-cpe:/a:oracle:linux:net-snmp-sysvinit", "p-cpe:/a:oracle:linux:net-snmp-utils", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1636.NASL", "href": "https://www.tenable.com/plugins/nessus/85492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1636 and \n# Oracle Linux Security Advisory ELSA-2015-1636 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85492);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\");\n script_xref(name:\"RHSA\", value:\"2015:1636\");\n\n script_name(english:\"Oracle Linux 6 / 7 : net-snmp (ELSA-2015-1636)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1636 :\n\nUpdated net-snmp packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A\nremote, unauthenticated attacker could use this flaw to crash snmpd\nor, potentially, execute arbitrary code on the system with the\nprivileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China\nfor reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005350.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-agent-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-5.5-54.0.1.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-devel-5.5-54.0.1.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-libs-5.5-54.0.1.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-perl-5.5-54.0.1.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-python-5.5-54.0.1.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-utils-5.5-54.0.1.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-agent-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-devel-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-gui-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-python-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-sysvinit-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.7.2-20.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-agent-libs / net-snmp-devel / net-snmp-gui / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:42", "description": "Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : net-snmp (CESA-2015:1636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:net-snmp", "p-cpe:/a:centos:centos:net-snmp-agent-libs", "p-cpe:/a:centos:centos:net-snmp-devel", "p-cpe:/a:centos:centos:net-snmp-gui", "p-cpe:/a:centos:centos:net-snmp-libs", "p-cpe:/a:centos:centos:net-snmp-perl", "p-cpe:/a:centos:centos:net-snmp-python", "p-cpe:/a:centos:centos:net-snmp-sysvinit", "p-cpe:/a:centos:centos:net-snmp-utils", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1636.NASL", "href": "https://www.tenable.com/plugins/nessus/85464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1636 and \n# CentOS Errata and Security Advisory 2015:1636 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85464);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\");\n script_xref(name:\"RHSA\", value:\"2015:1636\");\n\n script_name(english:\"CentOS 6 / 7 : net-snmp (CESA-2015:1636)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated net-snmp packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A\nremote, unauthenticated attacker could use this flaw to crash snmpd\nor, potentially, execute arbitrary code on the system with the\nprivileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China\nfor reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021335.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?214d8632\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021338.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41f6eed2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5621\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-agent-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-devel-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-libs-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-perl-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-python-5.5-54.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-utils-5.5-54.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-agent-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-devel-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-gui-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-libs-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-python-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-sysvinit-5.7.2-20.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.7.2-20.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-agent-libs / net-snmp-devel / net-snmp-gui / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:20", "description": "Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : net-snmp (RHSA-2015:1636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:net-snmp", "p-cpe:/a:redhat:enterprise_linux:net-snmp-agent-libs", "p-cpe:/a:redhat:enterprise_linux:net-snmp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:net-snmp-devel", "p-cpe:/a:redhat:enterprise_linux:net-snmp-gui", "p-cpe:/a:redhat:enterprise_linux:net-snmp-libs", "p-cpe:/a:redhat:enterprise_linux:net-snmp-perl", "p-cpe:/a:redhat:enterprise_linux:net-snmp-python", "p-cpe:/a:redhat:enterprise_linux:net-snmp-sysvinit", "p-cpe:/a:redhat:enterprise_linux:net-snmp-utils", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1636.NASL", "href": "https://www.tenable.com/plugins/nessus/85497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1636. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85497);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\");\n script_xref(name:\"RHSA\", value:\"2015:1636\");\n\n script_name(english:\"RHEL 6 / 7 : net-snmp (RHSA-2015:1636)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated net-snmp packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A\nremote, unauthenticated attacker could use this flaw to crash snmpd\nor, potentially, execute arbitrary code on the system with the\nprivileges of the user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China\nfor reporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1000116\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-agent-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1636\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-debuginfo-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-devel-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-libs-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-perl-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-perl-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-python-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-python-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-python-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-utils-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-utils-5.5-54.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.5-54.el6_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"net-snmp-agent-libs-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"net-snmp-debuginfo-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"net-snmp-devel-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-gui-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-gui-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"net-snmp-libs-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-perl-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-python-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-python-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-sysvinit-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-sysvinit-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"net-snmp-utils-5.7.2-20.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.7.2-20.el7_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-agent-libs / net-snmp-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:32", "description": "A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Debian DSA-4154-1 : net-snmp - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:net-snmp", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4154.NASL", "href": "https://www.tenable.com/plugins/nessus/108696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4154. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108696);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2015-5621\", \"CVE-2018-1000116\");\n script_xref(name:\"DSA\", value:\"4154\");\n\n script_name(english:\"Debian DSA-4154-1 : net-snmp - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap corruption vulnerability was discovered in net-snmp, a suite of\nSimple Network Management Protocol applications, triggered when\nparsing the PDU prior to the authentication process. A remote,\nunauthenticated attacker can take advantage of this flaw to crash the\nsnmpd process (causing a denial of service) or, potentially, execute\narbitrary code with the privileges of the user running snmpd.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/net-snmp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/net-snmp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the net-snmp packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 5.7.2.1+dfsg-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nbefore the initial release.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libsnmp-base\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsnmp-dev\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsnmp-perl\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsnmp30\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsnmp30-dbg\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-netsnmp\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"snmp\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"snmpd\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"snmptrapd\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tkmib\", reference:\"5.7.2.1+dfsg-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:49:33", "description": "According to the versions of the net-snmp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2018-18066)\n\n - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2015-5621)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : net-snmp (EulerOS-SA-2019-1436)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116", "CVE-2018-18066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:net-snmp", "p-cpe:/a:huawei:euleros:net-snmp-agent-libs", "p-cpe:/a:huawei:euleros:net-snmp-libs", "p-cpe:/a:huawei:euleros:net-snmp-utils", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1436.NASL", "href": "https://www.tenable.com/plugins/nessus/124939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124939);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-5621\",\n \"CVE-2018-1000116\",\n \"CVE-2018-18066\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : net-snmp (EulerOS-SA-2019-1436)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the net-snmp packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was discovered that the snmp_pdu_parse() mishandles\n error codes and is vulnerable to a heap corruption\n within the parsing of the PDU prior to the\n authentication process. A remote, unauthenticated\n attacker could use this flaw to crash snmpd or,\n potentially, execute arbitrary code on the system with\n the privileges of the user running\n snmpd.(CVE-2018-1000116)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP\n before 5.8 has a NULL Pointer Exception bug that can be\n used by an unauthenticated attacker to remotely cause\n the instance to crash via a crafted UDP packet,\n resulting in Denial of Service.(CVE-2018-18066)\n\n - It was discovered that the snmp_pdu_parse() function\n could leave incompletely parsed varBind variables in\n the list of variables. A remote, unauthenticated\n attacker could use this flaw to crash snmpd or,\n potentially, execute arbitrary code on the system with\n the privileges of the user running\n snmpd.(CVE-2015-5621)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1436\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6770c5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected net-snmp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000116\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:net-snmp-agent-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"net-snmp-5.7.2-33.2.h1\",\n \"net-snmp-agent-libs-5.7.2-33.2.h1\",\n \"net-snmp-libs-5.7.2-33.2.h1\",\n \"net-snmp-utils-5.7.2-33.2.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "description": "Memory corruption on server response parsing.", "cvss3": {}, "published": "2015-08-24T00:00:00", "type": "securityvulns", "title": "Net-SNMP memory corruption", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14642", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14642", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2711-1\r\nAugust 17, 2015\r\n\r\nnet-snmp vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nNet-SNMP could be made to crash or run programs if it received specially\r\ncrafted network traffic.\r\n\r\nSoftware Description:\r\n- net-snmp: SNMP (Simple Network Management Protocol) server and applications\r\n\r\nDetails:\r\n\r\nIt was discovered that Net-SNMP incorrectly handled certain trap messages\r\nwhen the -OQ option was used. A remote attacker could use this issue to\r\ncause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)\r\n\r\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing\r\nfailures. A remote attacker could use this issue to cause Net-SNMP to\r\ncrash, resulting in a denial of service, or possibly execute arbitrary\r\ncode. (CVE-2015-5621)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libsnmp30 5.7.2~dfsg-8.1ubuntu5.1\r\n\r\nUbuntu 14.04 LTS:\r\n libsnmp30 5.7.2~dfsg-8.1ubuntu3.1\r\n\r\nUbuntu 12.04 LTS:\r\n libsnmp15 5.4.3~dfsg-2.4ubuntu1.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2711-1\r\n CVE-2014-3565, CVE-2015-5621\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.7.2~dfsg-8.1ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.7.2~dfsg-8.1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "cvss3": {}, "published": "2015-08-24T00:00:00", "type": "securityvulns", "title": "[USN-2711-1] Net-SNMP vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5621", "CVE-2014-3565"], "modified": "2015-08-24T00:00:00", "id": "SECURITYVULNS:DOC:32414", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32414", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2023-09-02T11:05:15", "description": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier\ndoes not remove the varBind variable in a netsnmp_variable_list item when\nparsing of the SNMP PDU fails, which allows remote attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a crafted\npacket.\n\n#### Bugs\n\n * <https://sourceforge.net/p/net-snmp/bugs/2615/>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788964>\n", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5621", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2015-07-31T00:00:00", "id": "UB:CVE-2015-5621", "href": "https://ubuntu.com/security/CVE-2015-5621", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T14:14:09", "description": "NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP\nprotocol handler that can result in command execution.\n\n#### Bugs\n\n * <https://sourceforge.net/p/net-snmp/bugs/2821/>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | dupe of CVE-2015-5621\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-07T00:00:00", "type": "ubuntucve", "title": "CVE-2018-1000116", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2018-03-07T00:00:00", "id": "UB:CVE-2018-1000116", "href": "https://ubuntu.com/security/CVE-2018-1000116", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T14:05:26", "description": "snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL\nPointer Exception bug that can be used by an unauthenticated attacker to\nremotely cause the instance to crash via a crafted UDP packet, resulting in\nDenial of Service.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this is a duplicate of CVE-2015-5621 which was fixed in USN-2711-1 0025-Bug-788964-net-snmp-snmp_pdu_parse-DoS.patch in bionic CVE-2015-5621.patch in xenial\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-08T00:00:00", "type": "ubuntucve", "title": "CVE-2018-18066", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-18066"], "modified": "2018-10-08T00:00:00", "id": "UB:CVE-2018-18066", "href": "https://ubuntu.com/security/CVE-2018-18066", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:33", "description": "\nF5 Product Development has assigned ID 540767 (BIG-IP), ID 548810 (BIG-IQ), ID 548812 (Enterprise Manager), ID 475753 (FirePass), LRS-60336 (LineRate), INSTALLER-1836 (Traffix SDC), and ID 545965 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17378 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| SNMP \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| SNMP \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP DNS| 12.0.0| 12.1.0 \n12.0.0 HF1| High| SNMP \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF16| High| SNMP \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| 12.1.0 \n12.0.0 HF1 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| SNMP \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 11.4.1 HF10 \n11.2.1 HF16| High| SNMP \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF16| High| SNMP \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF16| High| SNMP \nARX| 6.0.0 - 6.4.0| None| Medium| SNMP \nEnterprise Manager| 3.0.0 - 3.1.1| None| High| SNMP \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Medium| SNMP \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| SNMP \nBIG-IQ Device| 4.2.0 - 4.5.0| None| High| SNMP \nBIG-IQ Security| 4.0.0 - 4.5.0| None| High| SNMP \nBIG-IQ ADC| 4.5.0| None| High| SNMP \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| 2.5.0 - 2.6.1| None| High| SNMP \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Medium| SNMP\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can disable the SNMP service on the affected F5 products. Alternatively, you can implement access control on the network interface of the affected F5 products where the SNMP service is exposed. For information about implementing access control on the BIG-IP and Enterprise Manager systems, refer to the following articles:\n\n * [K13535: Restricting SNMP access to the BIG-IP system](<https://support.f5.com/csp/article/K13535>)\n * [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>)\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "cvss3": {}, "published": "2015-10-08T05:07:00", "type": "f5", "title": "SNMP vulnerability CVE-2015-5621", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-07-27T22:29:00", "id": "F5:K17378", "href": "https://support.f5.com/csp/article/K17378", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:45:08", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can disable the SNMP service on the affected F5 products. Alternatively, you can implement access control on the network interface of the affected F5 products where the SNMP service is exposed. For information about implementing access control on the BIG-IP and Enterprise Manager systems, refer to the following articles:\n\n * SOL13535: Restricting SNMP access to the BIG-IP system\n * SOL13092: Overview of securing access to the BIG-IP system\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "cvss3": {}, "published": "2015-10-07T00:00:00", "type": "f5", "title": "SOL17378 - SNMP vulnerability CVE-2015-5621", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2016-08-16T00:00:00", "id": "SOL17378", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/300/sol17378.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2023-08-31T13:24:41", "description": "\n\nQinghao Tang reports:\n\nIncompletely initialized vulnerability exists in the function\n\t \u2018snmp_pdu_parse()\u2019 of \u2018snmp_api.c', and remote attackers can cause memory\n\t leak, DOS and possible command executions by sending malicious packets.\n\n\n", "cvss3": {}, "published": "2015-04-11T00:00:00", "type": "freebsd", "title": "net-snmp -- snmp_pdu_parse() function incomplete initialization", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2015-04-11T00:00:00", "id": "381183E8-3798-11E5-9970-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/381183e8-3798-11e5-9970-14dae9d210b8.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-21T01:45:55", "description": "## Summary\n\nNet-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**ITCAM for Transactions includes multiple agents; this bulletin applies only to versions 7.4 of the Internet Service Monitoring agent, (ISM).**\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Composite Application Manager for Transactions (Internet Service Monitoring)| _7.4_| | <http://www-01.ibm.com/support/docview.wss?uid=isg400003217> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T15:37:48", "type": "ibm", "title": "Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-06-17T15:37:48", "id": "2AA34CF9DF5E999E62E76CE5882AB668DBD94F88D6DF20B6A4EA5DB9690E90F1", "href": "https://www.ibm.com/support/pages/node/294697", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:53:42", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in Net-SNMP. This vulnerability is now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nPowerKVM 2.1\n\n## Remediation/Fixes\n\nFix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 Build 65.1 and all later 2.1.1 SP3 service builds and 2.1.1 fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using \"yum update\".\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:29:25", "type": "ibm", "title": "Security Bulletin: Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-06-18T01:29:25", "id": "AE4606DD56969369C30E608307B872A2C7644486FFE160A5DED866AB76BC36BD", "href": "https://www.ibm.com/support/pages/node/681589", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:53:38", "description": "## Summary\n\nA security vulnerability has been identified in net-snmp that is used by IBM Flex System Manager (FSM). This bulletin addresses this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nFlex System Manager 1.1.x.x \n\nFlex System Manager 1.2.0.x\n\nFlex System Manager 1.2.1.x\n\nFlex System Manager 1.3.0.x\n\nFlex System Manager 1.3.1.x\n\nFlex System Manager 1.3.2.x\n\nFlex System Manager 1.3.3.x\n\nFlex System Manager 1.3.4.x\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation \n---|---|---|--- \nFlex System Manager| 1.3.4.x| IT11633| [_fsmfix1.3.4.0_IT11633_IT11634_IT11652_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT11633_IT11634_IT11652>) \nFlex System Manager| 1.3.3.x| IT11633| [_fsmfix1.3.3.0_IT11633___IT11634_IT11652_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT11633_IT11634_IT11652>) \nFlex System Manager| 1.3.2.x| IT11633| [_fsmfix1.3.2.0_IT11633_IT11634_IT11652_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT11633_IT11634_IT11652>) \nFlex System Manager| 1.3.1.x| IT11633| IBM is no longer providing code updates for this release. Update to [_FSM 1.3.4.0_](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex%2BSystem%2BManager%2BNode&product=ibm/systemx/7955&&platform=All&function=fixId&fixids=FSMApplianceUpdate-1-3-4&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) and follow the appropriate remediation for all vulnerabilities. \nFlex System Manager| 1.3.0.x| IT11633| IBM is no longer providing code updates for this release. Update to [_FSM 1.3.4.0_](<http://www.ibm.com/support/fixcentral/systemx/quickorder?parent=Flex%2BSystem%2BManager%2BNode&product=ibm/systemx/7955&&platform=All&function=fixId&fixids=FSMApplianceUpdate-1-3-4&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) and follow the appropriate remediation for all vulnerabilities. \nFlex System Manager| 1.2.1.x| IT11633| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels. \nFlex System Manager| 1.2.0.x| IT11633| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels. \nFlex System Manager| 1.1.x.x| IT11633| Effective April 30, 2015 IBM has discontinued service for these version/release/modification/fix levels. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:29:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability with net-snmp affects IBM Flex System Manager (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-06-18T01:29:34", "id": "EDF0DE3C53392E25F6AA4A41594441B3B42A688C94A63F2BE16865CBA0FDE7D7", "href": "https://www.ibm.com/support/pages/node/681483", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:54", "description": "## Summary\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP).One security vulnerability has been discovered in net-snmp used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Fix Packs page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3| Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:30:34", "type": "ibm", "title": "Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-06-16T21:30:34", "id": "58B77823D926FA861FDFEEE3A042A509A6208DFB675AD0A015CD9B714395FEAF", "href": "https://www.ibm.com/support/pages/node/266057", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:54:40", "description": "## Summary\n\nNetcool/OMNIbus SNMP Probe is vulnerable to a denial of service, caused by Net-SNMP.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>) \n \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \n \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nNetcool/OMNIbus Integrations - SNMP Probe (nco-p-mttrapd-20_0) and earlier\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation_ \n---|---|---|--- \nTivoli Netcool/OMNIbus | 8.1.0 | IV76246 | \n\nSNMP Probe (nco-p-mettrapd-20_2) or newer\n\nRefer to [release notice](<https://www.ibm.com/support/pages/node/506825> \"release notice\" ) for the part number of the new package and instructions for the upgrade \n \n## ", "cvss3": {}, "published": "2022-10-17T13:37:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in Net-SNMP affects Netcool/OMNIbus SNMP Probe (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2022-10-17T13:37:34", "id": "DFA8AA7704784955FA7045373323530548087DE8D18998BEE491AD35CB291871", "href": "https://www.ibm.com/support/pages/node/269733", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:57:06", "description": "## Summary\n\nIBM DataPower gateways has addressed a vulnerability in SNMP parsing routines that could cause the SNMP daemon to crash or execute arbitrary code.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM DataPower Gateway appliances all versions through 6.0.0.17, 6.0.1.13, 7.0.0.10, 7.1.0.7 and 7.2.0.2\n\n## Remediation/Fixes\n\nFix is available in versions 6.0.0.18, 6.0.1.14, 7.0.0.11, 7.1.0.8 and 7.2.0.3. Refer to [APAR IT11697](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT11697>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n_For DataPower customers using versions 5.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:54", "type": "ibm", "title": "Security Bulletin: A vulnerability in net-snmp affects IBM DataPower Gateways (CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-06-15T07:04:54", "id": "B0B378D6DF228508C555CD15A899025E142FE0A9E7466DB0FDE01B1B5DC8C8C4", "href": "https://www.ibm.com/support/pages/node/539885", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:49", "description": "## Summary\n\nIBM Security Access Manager for Mobile is affected by denial of service vulnerabilities in Net-SNMP.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0 - 8.0.1.3| IV80761 \nIV80963| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-ISAM-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. Apply 8.0.1.3 Interim Fix 4: \n[8.0.1.3-ISS-ISAM-IF0004 ](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.3&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80684 \nIV80945| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:39:29", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Mobile (CVE-2014-3565, CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2018-06-16T21:39:29", "id": "82F246436CF20352218C8642378C24F0FC172BB533B032A084E47DAC4081E232", "href": "https://www.ibm.com/support/pages/node/540883", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:51:55", "description": "## Summary\n\nIBM Security Access Manager for Web is affected by denial of service vulnerabilities in Net-SNMP. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nBM Security Access Manager for Web 7.0 appliances, all firmware versions \nIBM Security Access Manager for Web 8.0 appliances, all firmware versions \nIBM Security Access Manager 9.0 appliances, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 - 7.0.0.20 (appliances)| IV80685 \nIV80984| 1\\. Apply Interim Fix 21: \n[_7.0.0-ISS-WGA-IF0021_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0 - 8.0.1.3| IV80684 \nIV80945| 1\\. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3: \n[8.0.1-ISS-WGA-FP0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=All&function=all>)** ** \n2\\. Apply 8.0.1.3 Interim Fix 4:[_8.0.1.3-ISS-WGA-IF0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.0.1| IV80684 \nIV80945| 1\\. For 9.0 environments, upgrade to 9.0.0.1: \n[9.0.0-ISS-ISAM-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=Linux&function=all>) \n2\\. Apply 9.0.0.1 Interim Fix 1: \n[_9.0.0.1-ISS-ISAM-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:38:59", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2018-06-16T21:38:59", "id": "A89942FAB58AC82EB0C1EA7C23CD9F0CA0E09BB7B7B61D1626F11029ADDD61BC", "href": "https://www.ibm.com/support/pages/node/538903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:47:29", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities. \n \n \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-8100](<https://vulners.com/cve/CVE-2015-8100>) \n**DESCRIPTION:** OpenBSD could allow a local attacker to obtain sensitive information, caused by the use of 0644 permissions for snmpd.conf by the net-snmp package. By reading the file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107941> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-5621](<https://vulners.com/cve/CVE-2015-5621>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2014-3565](<https://vulners.com/cve/CVE-2014-3565>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638> for the current score\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 10.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&fixids=SqlGuard_10.0p512_Sep-24-2018&source=SAR&function=fixId&parent=IBM%20Security \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-09-28T04:30:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621", "CVE-2015-8100"], "modified": "2018-09-28T04:30:01", "id": "D8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88", "href": "https://www.ibm.com/support/pages/node/730329", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:44:57", "description": "## Summary\n\nMultiple vulnerabilities in Bind, glibc, net-snmp, spice affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5722, CVE-2015-5621, CVE-2014-3565, CVE-2014-8121, CVE-2015-3247).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5722_](<https://vulners.com/cve/CVE-2015-5722>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the exit of a validating resolver due to an assertion failure in buffer.c..By parsing a malformed DNSSEC key, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106089_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106089>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n \n**CVEID:** [_CVE-2015-3247_](<https://vulners.com/cve/CVE-2015-3247>)** \nDESCRIPTION:** Red Hat spice is vulnerable to a heap-based buffer overflow, caused by improper bounds checking within worker_update_monitors_config() in spice-server. A remote attacker could overflow a buffer to crash the host QEMU-KVM process. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106182_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/106182>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H) \n \n**CVEID:** [_CVE-2014-8121_](<https://vulners.com/cve/CVE-2014-8121>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102652>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-5621](<https://vulners.com/cve/CVE-2015-5621>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [CVE-2014-3565](<https://vulners.com/cve/CVE-2014-3565>) \n**DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n** IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance**\n\n## Remediation/Fixes\n\nIf you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact [_IBM support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in bind, glibc, net-snmp, spice affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2014-8121", "CVE-2015-3247", "CVE-2015-5621", "CVE-2015-5722"], "modified": "2018-06-17T22:30:13", "id": "845F645C756E501D515D3D79A4AFDD9B71567E0F6FAC37814BC4092FE127BE92", "href": "https://www.ibm.com/support/pages/node/267865", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:50:51", "description": "## Summary\n\nThere are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2014-3613_](<https://vulners.com/cve/CVE-2014-3613>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2014-3707_](<https://vulners.com/cve/CVE-2014-3707>)** \nDESCRIPTION:** cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98562_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n\n \n**CVEID:** [_CVE-2014-8121_](<https://vulners.com/cve/CVE-2014-8121>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102652_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102652>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVEID:** [_CVE-2014-8150_](<https://vulners.com/cve/CVE-2014-8150>)** \nDESCRIPTION:** libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-9297_](<https://vulners.com/cve/CVE-2014-9297>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2014-9298_](<https://vulners.com/cve/CVE-2014-9298>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-1798_](<https://vulners.com/cve/CVE-2015-1798>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets wen configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-1799_](<https://vulners.com/cve/CVE-2015-1799>)** \nDESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n \n \n**CVEID:** [_CVE-2015-1819_](<https://vulners.com/cve/CVE-2015-1819>)** \nDESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107272_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107272>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n \n**CVEID:** [_CVE-2015-2017_](<https://vulners.com/cve/CVE-2015-2017>)** \nDESCRIPTION:** The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive infrmation. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103991_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103991>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2015-2730_](<https://vulners.com/cve/CVE-2015-2730>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle certain exceptional cases by the Elliptical Curve Cryptography (ECC) multiplication for Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to forge signatures. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n\n\n**CVEID:** [_CVE-2015-3143_](<https://vulners.com/cve/CVE-2015-3143>)** \nDESCRIPTION:** libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102888_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102888>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3148_](<https://vulners.com/cve/CVE-2015-3148>)** \nDESCRIPTION:** libcurl and cRUL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102878_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n \n \n**CVEID:** [_CVE-2015-3238_](<https://vulners.com/cve/CVE-2015-3238>)** \nDESCRIPTION:** Linux-PAM could allow a local attacker to obtain sensitive information, caused by an error in the _unix_run_helper_binary function in the pam_unix module. An attacker could exploit this vulnerability using an overly large password to enumerate usernames and cause the system to hang. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106368_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106368>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n \n**CVEID:** [_CVE-2015-5621_](<https://vulners.com/cve/CVE-2015-5621>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/105232_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105232>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n \n**CVEID:** [_CVE-2015-7450_](<https://vulners.com/cve/CVE-2015-7450>)** \nDESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107918_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107918>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Security Identity Manager Virtual Appliance versions 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3\n\n## Remediation/Fixes\n\nEnsure that the version listed below is installed on the system. \n\nProduct Version| Fix level \n---|--- \nIBM Security Identity Manager (ISIM) Virtual Appliance releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3| Apply the following: \nIBM Security Identity Manager (ISIM) 7.0.1 release [7.0.1-ISS-SIM-FP0000](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Identity+Manager&release=7.0.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:38:14", "type": "ibm", "title": "Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8121", "CVE-2014-8150", "CVE-2014-9297", "CVE-2014-9298", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-1819", "CVE-2015-2017", "CVE-2015-2730", "CVE-2015-3143", "CVE-2015-3148", "CVE-2015-3238", "CVE-2015-5621", "CVE-2015-7450"], "modified": "2018-06-16T21:38:14", "id": "9FD738448ACD93F4450A43269B40F6F0A44AE4531A251D9858867B18DD433AE4", "href": "https://www.ibm.com/support/pages/node/273647", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:07:08", "description": "## Question\n\nWhat Technotes exist for the IBM Security Network Protection / IBM QRadar Network Security (XGS) sensor?\n\n## Answer\n\nThe content below includes a list of all technical notes published under IBM Security Network Protection / IBM QRadar Network Security by category and sorted by popularity. Users can expand or collapse each section below using the + / - buttons. As new documentation is released, this content will be updated and new articles added. Click Expand All prior to starting a CTRL-F search. \n\n## IBM QRadar Network Security, IBM Security Network Protection\n\nExpand All\n\n\\+ \\--\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[7047980](<http://www.ibm.com/support/docview.wss?uid=swg27047980>) | [May 2018 Newsletter from Infrastructure Security Support ](<http://www.ibm.com/support/docview.wss?uid=swg27047980>) | 2018-05-24 | 1 \n[1998843](<http://www.ibm.com/support/docview.wss?uid=swg21998843>) | [IBM QRadar Network Security firmware update 5.4.0 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21998843>) | 2017-05-08 | 2 \n[2010305](<http://www.ibm.com/support/docview.wss?uid=swg22010305>) | [Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011)](<http://www.ibm.com/support/docview.wss?uid=swg22010305>) | 2018-02-15 | 3 \n[1902736](<http://www.ibm.com/support/docview.wss?uid=swg21902736>) | [System requirements for IBM QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21902736>) | 2017-04-14 | 4 \n[2003331](<http://www.ibm.com/support/docview.wss?uid=swg22003331>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg22003331>) | 2017-05-15 | 5 \n[2008340](<http://www.ibm.com/support/docview.wss?uid=swg22008340>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515)](<http://www.ibm.com/support/docview.wss?uid=swg22008340>) | 2018-02-15 | 6 \n[2008339](<http://www.ibm.com/support/docview.wss?uid=swg22008339>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump](<http://www.ibm.com/support/docview.wss?uid=swg22008339>) | 2018-02-15 | 7 \n[2008854](<http://www.ibm.com/support/docview.wss?uid=swg22008854>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22008854>) | 2018-02-15 | 8 \n[2008853](<http://www.ibm.com/support/docview.wss?uid=swg22008853>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc](<http://www.ibm.com/support/docview.wss?uid=swg22008853>) | 2018-02-15 | 9 \n[2009835](<http://www.ibm.com/support/docview.wss?uid=swg22009835>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800)](<http://www.ibm.com/support/docview.wss?uid=swg22009835>) | 2018-02-15 | 10 \n[2007316](<http://www.ibm.com/support/docview.wss?uid=swg22007316>) | [5.4.0.1-ISS-XGS-All-Models-Hotfix-IF0004](<http://www.ibm.com/support/docview.wss?uid=swg22007316>) | 2017-08-24 | 11 \n[2001911](<http://www.ibm.com/support/docview.wss?uid=swg22001911>) | [Unable to upgrade IBM QRadar Network Security firmware version 5.3.x to 5.4.x from the inserted USB flash drive.](<http://www.ibm.com/support/docview.wss?uid=swg22001911>) | 2017-12-11 | 12 \n[2007535](<http://www.ibm.com/support/docview.wss?uid=swg22007535>) | [Security Bulletin: IBM QRadar Network Security is affected by a less-secure algorithm during negotiations vulnerability (CVE-2017-1491)](<http://www.ibm.com/support/docview.wss?uid=swg22007535>) | 2018-02-15 | 13 \n[1996987](<http://www.ibm.com/support/docview.wss?uid=swg21996987>) | [IBM QRadar Network Security 5.4 Web Services API ](<http://www.ibm.com/support/docview.wss?uid=swg21996987>) | 2017-04-18 | 14 \n[2007918](<http://www.ibm.com/support/docview.wss?uid=swg22007918>) | [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22007918>) | 2018-02-15 | 15 \n[1988573](<http://www.ibm.com/support/docview.wss?uid=swg21988573>) | [IBM QRadar Network Security (XGS) Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21988573>) | 2017-04-14 | 16 \n[2007554](<http://www.ibm.com/support/docview.wss?uid=swg22007554>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634)](<http://www.ibm.com/support/docview.wss?uid=swg22007554>) | 2018-02-15 | 17 \n[1995440](<http://www.ibm.com/support/docview.wss?uid=swg21995440>) | [Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718) ](<http://www.ibm.com/support/docview.wss?uid=swg21995440>) | 2018-02-15 | 18 \n[7049539](<http://www.ibm.com/support/docview.wss?uid=swg27049539>) | [Open Mic replay: What is new in the latest XGS firmware updates - 29 March 2017 (Includes link to video; presentation is attached)](<http://www.ibm.com/support/docview.wss?uid=swg27049539>) | 2017-04-15 | 19 \n[2007557](<http://www.ibm.com/support/docview.wss?uid=swg22007557>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in libtasn1 (CVE-2015-3622, CVE-2015-2806)](<http://www.ibm.com/support/docview.wss?uid=swg22007557>) | 2018-02-15 | 20 \n[2003343](<http://www.ibm.com/support/docview.wss?uid=swg22003343>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22003343>) | 2018-02-15 | 21 \n[2007551](<http://www.ibm.com/support/docview.wss?uid=swg22007551>) | [Security Bulletin: IBM QRadar Network Security is affected by potential issues of XML External Entity Injection (CVE-2017-1458)](<http://www.ibm.com/support/docview.wss?uid=swg22007551>) | 2018-02-15 | 22 \n[2004744](<http://www.ibm.com/support/docview.wss?uid=swg22004744>) | [Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel](<http://www.ibm.com/support/docview.wss?uid=swg22004744>) | 2018-02-15 | 23 \n[2007315](<http://www.ibm.com/support/docview.wss?uid=swg22007315>) | [5.4.0.1-ISS-XGS-All-Models-Hotfix-IF0003 ](<http://www.ibm.com/support/docview.wss?uid=swg22007315>) | 2017-08-24 | 24 \n[2007550](<http://www.ibm.com/support/docview.wss?uid=swg22007550>) | [Security Bulletin: IBM QRadar Network Security is affected by potential issues of Cross-Site Scripting (CVE-2017-1457)](<http://www.ibm.com/support/docview.wss?uid=swg22007550>) | 2018-02-15 | 25 \n[2007539](<http://www.ibm.com/support/docview.wss?uid=swg22007539>) | [Security Bulletin: IBM QRadar Network Security has updated commons-fileupload for known vulnerabilities (CVE-2016-3092)](<http://www.ibm.com/support/docview.wss?uid=swg22007539>) | 2018-02-15 | 26 \n[2007553](<http://www.ibm.com/support/docview.wss?uid=swg22007553>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in Curl (CVE-2016-7167)](<http://www.ibm.com/support/docview.wss?uid=swg22007553>) | 2018-02-15 | 27 \n[1987978](<http://www.ibm.com/support/docview.wss?uid=swg21987978>) | [Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564) ](<http://www.ibm.com/support/docview.wss?uid=swg21987978>) | 2018-02-15 | 28 \n[2005764](<http://www.ibm.com/support/docview.wss?uid=swg22005764>) | [Security Bulletin: IBM Security Network Protection is affected by a vulnerability in glibc](<http://www.ibm.com/support/docview.wss?uid=swg22005764>) | 2018-02-15 | 29 \n[1979372](<http://www.ibm.com/support/docview.wss?uid=swg21979372>) | [Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787) ](<http://www.ibm.com/support/docview.wss?uid=swg21979372>) | 2018-02-15 | 30 \n[1996290](<http://www.ibm.com/support/docview.wss?uid=swg21996290>) | [5.3.3-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg21996290>) | 2017-04-14 | 31 \n[2007552](<http://www.ibm.com/support/docview.wss?uid=swg22007552>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22007552>) | 2018-02-15 | 32 \n[1988243](<http://www.ibm.com/support/docview.wss?uid=swg21988243>) | [5.3.2.3-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg21988243>) | 2017-04-14 | 33 \n[1993670](<http://www.ibm.com/support/docview.wss?uid=swg21993670>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, and CVE-2016-5542)](<http://www.ibm.com/support/docview.wss?uid=swg21993670>) | 2018-02-15 | 34 \n[1996808](<http://www.ibm.com/support/docview.wss?uid=swg21996808>) | [5.3.1.11-ISS-XGS-All-Models-Hotfix-IF0002](<http://www.ibm.com/support/docview.wss?uid=swg21996808>) | 2017-04-14 | 35 \n[2001802](<http://www.ibm.com/support/docview.wss?uid=swg22001802>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0005](<http://www.ibm.com/support/docview.wss?uid=swg22001802>) | 2017-04-18 | 36 \n[1980157](<http://www.ibm.com/support/docview.wss?uid=swg21980157>) | [Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2015-8629, and CVE-2015-8631) ](<http://www.ibm.com/support/docview.wss?uid=swg21980157>) | 2018-02-15 | 37 \n[1991724](<http://www.ibm.com/support/docview.wss?uid=swg21991724>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection ](<http://www.ibm.com/support/docview.wss?uid=swg21991724>) | 2018-02-15 | 38 \n[1999248](<http://www.ibm.com/support/docview.wss?uid=swg21999248>) | [Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-8325)](<http://www.ibm.com/support/docview.wss?uid=swg21999248>) | 2018-02-15 | 39 \n[2003045](<http://www.ibm.com/support/docview.wss?uid=swg22003045>) | [Security Bulletin: IBM Security Network Protection is affected by Vulnerabilities in GNU Bash](<http://www.ibm.com/support/docview.wss?uid=swg22003045>) | 2018-02-15 | 40 \n[2003046](<http://www.ibm.com/support/docview.wss?uid=swg22003046>) | [Security Bulletin: IBM Security Network Protection is affected by a vulnerability in coreutils (util-linux)](<http://www.ibm.com/support/docview.wss?uid=swg22003046>) | 2018-02-15 | 41 \n[2003341](<http://www.ibm.com/support/docview.wss?uid=swg22003341>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ](<http://www.ibm.com/support/docview.wss?uid=swg22003341>) | 2018-02-15 | 42 \n[7049549](<http://www.ibm.com/support/docview.wss?uid=swg27049549>) | [IBM Infrastructure Security Support February 2017 Newsletter ](<http://www.ibm.com/support/docview.wss?uid=swg27049549>) | 2017-04-15 | 43 \n[2005379](<http://www.ibm.com/support/docview.wss?uid=swg22005379>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc (CVE-2017-1000366)](<http://www.ibm.com/support/docview.wss?uid=swg22005379>) | 2018-02-15 | 44 \n[7050074](<http://www.ibm.com/support/docview.wss?uid=swg27050074>) | [IBM Infrastructure Security Support June 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050074>) | 2017-07-17 | 45 \n[1961717](<http://www.ibm.com/support/docview.wss?uid=swg21961717>) | [Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Protection (CVE-2015-4000) ](<http://www.ibm.com/support/docview.wss?uid=swg21961717>) | 2018-02-15 | 46 \n[1992187](<http://www.ibm.com/support/docview.wss?uid=swg21992187>) | [IBM QRadar Network Security XGS 5200/7100 fails to start](<http://www.ibm.com/support/docview.wss?uid=swg21992187>) | 2017-05-16 | 47 \n[7050656](<http://www.ibm.com/support/docview.wss?uid=swg27050656>) | [IBM Infrastructure Security Support November 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050656>) | 2017-12-18 | 48 \n[1984583](<http://www.ibm.com/support/docview.wss?uid=swg21984583>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21984583>) | 2018-02-15 | 49 \n[2000992](<http://www.ibm.com/support/docview.wss?uid=swg22000992>) | [Blocking tunneled packets in IBM QRadar Network Security XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg22000992>) | 2017-07-16 | 50 \n[2001907](<http://www.ibm.com/support/docview.wss?uid=swg22001907>) | [Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM Security Network Protection ](<http://www.ibm.com/support/docview.wss?uid=swg22001907>) | 2018-02-15 | 51 \n[2003633](<http://www.ibm.com/support/docview.wss?uid=swg22003633>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in coreutils (util-linux)](<http://www.ibm.com/support/docview.wss?uid=swg22003633>) | 2018-02-15 | 52 \n[7049861](<http://www.ibm.com/support/docview.wss?uid=swg27049861>) | [IBM Infrastructure Security Support April 2017 Newsletter ](<http://www.ibm.com/support/docview.wss?uid=swg27049861>) | 2017-05-20 | 53 \n[7050269](<http://www.ibm.com/support/docview.wss?uid=swg27050269>) | [IBM Infrastructure Security Support August 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050269>) | 2017-09-18 | 54 \n[1961447](<http://www.ibm.com/support/docview.wss?uid=swg21961447>) | [Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21961447>) | 2018-02-15 | 55 \n[1985122](<http://www.ibm.com/support/docview.wss?uid=swg21985122>) | [Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21985122>) | 2018-02-15 | 56 \n[1985753](<http://www.ibm.com/support/docview.wss?uid=swg21985753>) | [Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection ](<http://www.ibm.com/support/docview.wss?uid=swg21985753>) | 2018-02-15 | 57 \n[1990083](<http://www.ibm.com/support/docview.wss?uid=swg21990083>) | [Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 ) ](<http://www.ibm.com/support/docview.wss?uid=swg21990083>) | 2018-02-15 | 58 \n[1994071](<http://www.ibm.com/support/docview.wss?uid=swg21994071>) | [Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313) ](<http://www.ibm.com/support/docview.wss?uid=swg21994071>) | 2018-02-15 | 59 \n[1997604](<http://www.ibm.com/support/docview.wss?uid=swg21997604>) | [Network interface module population changes on the XGS appliance are not reflected on the managing SiteProtector System](<http://www.ibm.com/support/docview.wss?uid=swg21997604>) | 2017-04-18 | 60 \n[1999246](<http://www.ibm.com/support/docview.wss?uid=swg21999246>) | [Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21999246>) | 2018-02-15 | 61 \n[2001184](<http://www.ibm.com/support/docview.wss?uid=swg22001184>) | [Pressing and holding the power button does not shut down the IBM QRadar Network Security XGS 5200 appliance](<http://www.ibm.com/support/docview.wss?uid=swg22001184>) | 2017-06-19 | 62 \n[2002507](<http://www.ibm.com/support/docview.wss?uid=swg22002507>) | [Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)](<http://www.ibm.com/support/docview.wss?uid=swg22002507>) | 2018-02-15 | 63 \n[7039297](<http://www.ibm.com/support/docview.wss?uid=swg27039297>) | [Network Protection documentation update: Setting up SSL inspection for the Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg27039297>) | 2017-08-09 | 64 \n[7049965](<http://www.ibm.com/support/docview.wss?uid=swg27049965>) | [IBM Infrastructure Security Support May 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049965>) | 2017-06-27 | 65 \n[7050550](<http://www.ibm.com/support/docview.wss?uid=swg27050550>) | [IBM Infrastructure Security Support October 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050550>) | 2018-05-24 | 66 \n[1903520](<http://www.ibm.com/support/docview.wss?uid=swg21903520>) | [Microsoft Update fails when Outbound SSL inspection is enabled](<http://www.ibm.com/support/docview.wss?uid=swg21903520>) | 2018-05-01 | 67 \n[1961467](<http://www.ibm.com/support/docview.wss?uid=swg21961467>) | [Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Protection (CVE-2013-7423, and CVE-2015-1781) ](<http://www.ibm.com/support/docview.wss?uid=swg21961467>) | 2018-02-15 | 68 \n[1964040](<http://www.ibm.com/support/docview.wss?uid=swg21964040>) | [Known Issues for IBM Security Network Protection firmware update 5.3.1.3](<http://www.ibm.com/support/docview.wss?uid=swg21964040>) | 2017-07-17 | 69 \n[1984424](<http://www.ibm.com/support/docview.wss?uid=swg21984424>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21984424>) | 2018-02-15 | 70 \n[1986974](<http://www.ibm.com/support/docview.wss?uid=swg21986974>) | [Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21986974>) | 2018-02-15 | 71 \n[1989336](<http://www.ibm.com/support/docview.wss?uid=swg21989336>) | [Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989336>) | 2018-02-15 | 72 \n[1995885](<http://www.ibm.com/support/docview.wss?uid=swg21995885>) | [5.3.1.11-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21995885>) | 2017-04-14 | 73 \n[1999162](<http://www.ibm.com/support/docview.wss?uid=swg21999162>) | [Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2016-8610, and CVE-2017-3731)](<http://www.ibm.com/support/docview.wss?uid=swg21999162>) | 2018-02-15 | 74 \n[1999513](<http://www.ibm.com/support/docview.wss?uid=swg21999513>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21999513>) | 2018-02-15 | 75 \n[2002624](<http://www.ibm.com/support/docview.wss?uid=swg22002624>) | [Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)](<http://www.ibm.com/support/docview.wss?uid=swg22002624>) | 2018-02-15 | 76 \n[2011746](<http://www.ibm.com/support/docview.wss?uid=swg22011746>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22011746>) | 2018-05-01 | 77 \n[2011787](<http://www.ibm.com/support/docview.wss?uid=swg22011787>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22011787>) | 2018-05-01 | 78 \n[2016549](<http://www.ibm.com/support/docview.wss?uid=swg22016549>) | [Security Bulletin: IBM Security Network Protection is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg22016549>) | 2018-06-03 | 79 \n[7049238](<http://www.ibm.com/support/docview.wss?uid=swg27049238>) | [IBM Infrastructure Security Support November 2016 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049238>) | 2017-10-17 | 80 \n[7049645](<http://www.ibm.com/support/docview.wss?uid=swg27049645>) | [IBM Infrastructure Security Support March 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049645>) | 2018-05-24 | 81 \n[7050420](<http://www.ibm.com/support/docview.wss?uid=swg27050420>) | [IBM Infrastructure Security Support September 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050420>) | 2018-01-15 | 82 \n[7050716](<http://www.ibm.com/support/docview.wss?uid=swg27050716>) | [IBM Infrastructure Security Support December 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050716>) | 2018-05-24 | 83 \n[7050809](<http://www.ibm.com/support/docview.wss?uid=swg27050809>) | [IBM Infrastructure Security Support January 2018 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050809>) | 2018-05-24 | 84 \n[7050900](<http://www.ibm.com/support/docview.wss?uid=swg27050900>) | [February 2018 Newsletter from Infrastructure Security Support ](<http://www.ibm.com/support/docview.wss?uid=swg27050900>) | 2018-05-24 | 85 \n[7050972](<http://www.ibm.com/support/docview.wss?uid=swg27050972>) | [March 2018 Newsletter from Infrastructure Security Support ](<http://www.ibm.com/support/docview.wss?uid=swg27050972>) | 2018-05-24 | 86 \n[7051105](<http://www.ibm.com/support/docview.wss?uid=swg27051105>) | [April 2018 Newsletter from Infrastructure Security Support ](<http://www.ibm.com/support/docview.wss?uid=swg27051105>) | 2018-05-25 | 87 \n \n\\+ Backups and Recovery\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1669579](<http://www.ibm.com/support/docview.wss?uid=swg21669579>) | [Creating snapshots and options on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21669579>) | 2018-05-01 | 1 \n[1974662](<http://www.ibm.com/support/docview.wss?uid=swg21974662>) | [Restoring a QRadar Network Security sensor to factory defaults settings](<http://www.ibm.com/support/docview.wss?uid=swg21974662>) | 2017-08-06 | 2 \n[1695898](<http://www.ibm.com/support/docview.wss?uid=swg21695898>) | [Reimaging the Security Network Protection (XGS) appliance using the PXE image](<http://www.ibm.com/support/docview.wss?uid=swg21695898>) | 2017-04-14 | 3 \n[1437385](<http://www.ibm.com/support/docview.wss?uid=swg21437385>) | [Accessing a recovery CD or DVD for a Proventia or IBM Security appliance](<http://www.ibm.com/support/docview.wss?uid=swg21437385>) | 2018-05-01 | 4 \n \n\\+ Bypass\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1882622](<http://www.ibm.com/support/docview.wss?uid=swg21882622>) | [Security Network Protection built-in bypass general information](<http://www.ibm.com/support/docview.wss?uid=swg21882622>) | 2018-05-01 | 1 \n[1695421](<http://www.ibm.com/support/docview.wss?uid=swg21695421>) | [Protection interfaces on Network Protection flapping in firmware 5.3.0.2 and earlier](<http://www.ibm.com/support/docview.wss?uid=swg21695421>) | 2018-01-29 | 2 \n[1988927](<http://www.ibm.com/support/docview.wss?uid=swg21988927>) | [Hardware bypass can cause port channel to go down on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21988927>) | 2017-09-26 | 3 \n \n\\+ Command Line Interface (CLI)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1984900](<http://www.ibm.com/support/docview.wss?uid=swg21984900>) | [Security Network Protection Command Line Interface (CLI) troubleshooting commands](<http://www.ibm.com/support/docview.wss?uid=swg21984900>) | 2018-05-01 | 1 \n[1883213](<http://www.ibm.com/support/docview.wss?uid=swg21883213>) | [Capturing network traffic on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21883213>) | 2017-10-30 | 2 \n[1903461](<http://www.ibm.com/support/docview.wss?uid=swg21903461>) | [Affected processes when restarting services from the CLI on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21903461>) | 2017-08-28 | 3 \n[7045931](<http://www.ibm.com/support/docview.wss?uid=swg27045931>) | [Open Mic Webcast: Making use of logs and captures on the XGS - Wednesday, 24 June 2015 [includes link to recording; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045931>) | 2018-05-23 | 4 \n[1990297](<http://www.ibm.com/support/docview.wss?uid=swg21990297>) | [DPI reenabled after manually disabling it on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21990297>) | 2017-11-06 | 5 \n[1966577](<http://www.ibm.com/support/docview.wss?uid=swg21966577>) | [\"Command failure\" when checking interface status on Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21966577>) | 2017-04-14 | 6 \n[1970266](<http://www.ibm.com/support/docview.wss?uid=swg21970266>) | [System shutdown produces irq 16 error on XGS 7100 sensors](<http://www.ibm.com/support/docview.wss?uid=swg21970266>) | 2017-04-14 | 7 \n \n\\+ Documentation\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1974231](<http://www.ibm.com/support/docview.wss?uid=swg21974231>) | [Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161) ](<http://www.ibm.com/support/docview.wss?uid=swg21974231>) | 2018-02-15 | 1 \n[1986450](<http://www.ibm.com/support/docview.wss?uid=swg21986450>) | [IBM Security Network Protection firmware update 5.3.3 release notes ](<http://www.ibm.com/support/docview.wss?uid=swg21986450>) | 2018-05-28 | 2 \n[1996724](<http://www.ibm.com/support/docview.wss?uid=swg21996724>) | [IBM Security Network Protection firmware update 5.3.3.2 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996724>) | 2017-04-14 | 3 \n[1993418](<http://www.ibm.com/support/docview.wss?uid=swg21993418>) | [Stacking IBM Security Network Protection XGS Appliance 7100 ](<http://www.ibm.com/support/docview.wss?uid=swg21993418>) | 2017-07-12 | 4 \n[1984078](<http://www.ibm.com/support/docview.wss?uid=swg21984078>) | [IBM Security Network Protection firmware update 5.3.2.3 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21984078>) | 2017-05-10 | 5 \n[1687204](<http://www.ibm.com/support/docview.wss?uid=swg21687204>) | [IBM Security Network Protection 5.3 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21687204>) | 2017-10-16 | 6 \n[1993057](<http://www.ibm.com/support/docview.wss?uid=swg21993057>) | [IBM Security Network Protection firmware update 5.3.3.1 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993057>) | 2017-04-14 | 7 \n[1986529](<http://www.ibm.com/support/docview.wss?uid=swg21986529>) | [IBM Security Network Protection XGS Appliance Machine Code Updates for the firmware update 5.3.3.](<http://www.ibm.com/support/docview.wss?uid=swg21986529>) | 2018-05-27 | 8 \n[1968171](<http://www.ibm.com/support/docview.wss?uid=swg21968171>) | [IBM Security Network Protection firmware update 5.3.2 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21968171>) | 2017-04-14 | 9 \n[1997036](<http://www.ibm.com/support/docview.wss?uid=swg21997036>) | [Optimizing packet processing for an IBM Security Network Protection XGS 7100 appliance with network interface module (NIM) bays partially populated](<http://www.ibm.com/support/docview.wss?uid=swg21997036>) | 2017-04-14 | 10 \n[1902372](<http://www.ibm.com/support/docview.wss?uid=swg21902372>) | [Using the Infrastructure Security support forum in dW Answers](<http://www.ibm.com/support/docview.wss?uid=swg21902372>) | 2018-05-01 | 11 \n[1996693](<http://www.ibm.com/support/docview.wss?uid=swg21996693>) | [Blocking HTTPS websites using domain category objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21996693>) | 2018-05-23 | 12 \n[1996771](<http://www.ibm.com/support/docview.wss?uid=swg21996771>) | [IBM Security Network Protection firmware update 5.3.2.6 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996771>) | 2017-04-14 | 13 \n[1988993](<http://www.ibm.com/support/docview.wss?uid=swg21988993>) | [IBM Security Network Protection firmware update 5.3.2.4 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21988993>) | 2017-04-14 | 14 \n[1993417](<http://www.ibm.com/support/docview.wss?uid=swg21993417>) | [Configuring IBM Security Network Protection 5.3.3.1 to use flow data collector mode](<http://www.ibm.com/support/docview.wss?uid=swg21993417>) | 2017-04-14 | 15 \n[1694966](<http://www.ibm.com/support/docview.wss?uid=swg21694966>) | [IBM Security Network Protection 5.3.1 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21694966>) | 2017-06-27 | 16 \n[1968449](<http://www.ibm.com/support/docview.wss?uid=swg21968449>) | [IBM Security Network Protection firmware update 5.3.1.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21968449>) | 2017-04-14 | 17 \n[1978185](<http://www.ibm.com/support/docview.wss?uid=swg21978185>) | [IBM Security Network Protection firmware update 5.3.2.2 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21978185>) | 2017-04-14 | 18 \n[1974242](<http://www.ibm.com/support/docview.wss?uid=swg21974242>) | [Security Bulletin: A vulnerability in the GSKit component of IBM Security Network Protection Why (CVE-2016-0201)](<http://www.ibm.com/support/docview.wss?uid=swg21974242>) | 2017-04-14 | 19 \n[1993327](<http://www.ibm.com/support/docview.wss?uid=swg21993327>) | [IBM Security Network Protection firmware update 5.3.2.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993327>) | 2017-04-14 | 20 \n[1971777](<http://www.ibm.com/support/docview.wss?uid=swg21971777>) | [Automated Service and Support on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21971777>) | 2017-04-14 | 21 \n[1986088](<http://www.ibm.com/support/docview.wss?uid=swg21986088>) | [Configuring Address objects for the Management Access Policy on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986088>) | 2017-08-24 | 22 \n[1997651](<http://www.ibm.com/support/docview.wss?uid=swg21997651>) | [Configuring Remote Syslog over TLS for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21997651>) | 2018-01-08 | 23 \n[1688361](<http://www.ibm.com/support/docview.wss?uid=swg21688361>) | [Understanding the term User Overridden in regard to security event configurations on GX and XGS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21688361>) | 2018-05-01 | 24 \n[1971601](<http://www.ibm.com/support/docview.wss?uid=swg21971601>) | [IBM Security Network Protection firmware update 5.3.1.6 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21971601>) | 2017-10-17 | 25 \n[1974524](<http://www.ibm.com/support/docview.wss?uid=swg21974524>) | [IBM Security Network Protection firmware update 5.3.1.7 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21974524>) | 2017-04-14 | 26 \n[1975225](<http://www.ibm.com/support/docview.wss?uid=swg21975225>) | [Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975225>) | 2017-04-14 | 27 \n[1989026](<http://www.ibm.com/support/docview.wss?uid=swg21989026>) | [IBM Security Network Protection firmware update 5.3.1.10 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21989026>) | 2017-04-14 | 28 \n[2003106](<http://www.ibm.com/support/docview.wss?uid=swg22003106>) | [Reduce link propagation duration on IBM QRadar Network Security (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg22003106>) | 2017-09-13 | 29 \n[1683071](<http://www.ibm.com/support/docview.wss?uid=swg21683071>) | [Security Network Protection Appliance (XGS) stuck in debug mode](<http://www.ibm.com/support/docview.wss?uid=swg21683071>) | 2018-05-01 | 30 \n[1977808](<http://www.ibm.com/support/docview.wss?uid=swg21977808>) | [IBM Security Network Protection 5.3.3 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21977808>) | 2018-05-01 | 31 \n[1990337](<http://www.ibm.com/support/docview.wss?uid=swg21990337>) | [Using RESTful API to modify policies on the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21990337>) | 2017-04-14 | 32 \n[1993329](<http://www.ibm.com/support/docview.wss?uid=swg21993329>) | [IBM Security Network Protection firmware update 5.3.1.11 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993329>) | 2017-04-14 | 33 \n[1966695](<http://www.ibm.com/support/docview.wss?uid=swg21966695>) | [Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2015-5621) ](<http://www.ibm.com/support/docview.wss?uid=swg21966695>) | 2017-04-14 | 34 \n[1966972](<http://www.ibm.com/support/docview.wss?uid=swg21966972>) | [Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21966972>) | 2017-04-14 | 35 \n[1977281](<http://www.ibm.com/support/docview.wss?uid=swg21977281>) | [Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-7547)](<http://www.ibm.com/support/docview.wss?uid=swg21977281>) | 2017-04-14 | 36 \n[1692722](<http://www.ibm.com/support/docview.wss?uid=swg21692722>) | [Requirement for managing the IBM Security Network Protection appliance in a NAT environment using the IBM Security SiteProtector system](<http://www.ibm.com/support/docview.wss?uid=swg21692722>) | 2017-04-14 | 37 \n[1996773](<http://www.ibm.com/support/docview.wss?uid=swg21996773>) | [IBM Security Network Protection firmware update 5.3.1.12 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996773>) | 2017-04-14 | 38 \n[2004898](<http://www.ibm.com/support/docview.wss?uid=swg22004898>) | [SNMP interface name association on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004898>) | 2017-10-02 | 39 \n[1965877](<http://www.ibm.com/support/docview.wss?uid=swg21965877>) | [Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2014-3565) ](<http://www.ibm.com/support/docview.wss?uid=swg21965877>) | 2017-04-14 | 40 \n[1967057](<http://www.ibm.com/support/docview.wss?uid=swg21967057>) | [Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Security Network Protection (CVE-2015-3183, and CVE-2015-1283)](<http://www.ibm.com/support/docview.wss?uid=swg21967057>) | 2017-04-14 | 41 \n[1978181](<http://www.ibm.com/support/docview.wss?uid=swg21978181>) | [IBM Security Network Protection firmware update 5.3.1.8 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21978181>) | 2017-04-14 | 42 \n[1978438](<http://www.ibm.com/support/docview.wss?uid=swg21978438>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21978438>) | 2017-04-14 | 43 \n[1662537](<http://www.ibm.com/support/docview.wss?uid=swg21662537>) | [Fingerprint USB flash drives are unable to reimage an XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21662537>) | 2017-04-14 | 44 \n[1665106](<http://www.ibm.com/support/docview.wss?uid=swg21665106>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0002 ](<http://www.ibm.com/support/docview.wss?uid=swg21665106>) | 2017-04-14 | 45 \n[1964539](<http://www.ibm.com/support/docview.wss?uid=swg21964539>) | [Security Bulletin: Vulnerabilities in libuser affect IBM Security Network Protection (CVE-2015-3245, CVE-2015-3246) ](<http://www.ibm.com/support/docview.wss?uid=swg21964539>) | 2017-04-14 | 46 \n[1966578](<http://www.ibm.com/support/docview.wss?uid=swg21966578>) | [Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405) ](<http://www.ibm.com/support/docview.wss?uid=swg21966578>) | 2017-04-14 | 47 \n[1967169](<http://www.ibm.com/support/docview.wss?uid=swg21967169>) | [Security Bulletin: A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121) ](<http://www.ibm.com/support/docview.wss?uid=swg21967169>) | 2017-04-14 | 48 \n[1969664](<http://www.ibm.com/support/docview.wss?uid=swg21969664>) | [Security Bulletin: A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819) ](<http://www.ibm.com/support/docview.wss?uid=swg21969664>) | 2017-04-14 | 49 \n[1972209](<http://www.ibm.com/support/docview.wss?uid=swg21972209>) | [Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345) ](<http://www.ibm.com/support/docview.wss?uid=swg21972209>) | 2017-04-14 | 50 \n[1972382](<http://www.ibm.com/support/docview.wss?uid=swg21972382>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21972382>) | 2017-04-14 | 51 \n[1974423](<http://www.ibm.com/support/docview.wss?uid=swg21974423>) | [5.3.1.6-ISS-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21974423>) | 2017-12-11 | 52 \n[1974550](<http://www.ibm.com/support/docview.wss?uid=swg21974550>) | [Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196) ](<http://www.ibm.com/support/docview.wss?uid=swg21974550>) | 2017-04-14 | 53 \n[1974989](<http://www.ibm.com/support/docview.wss?uid=swg21974989>) | [Security Bulletin: A vulnerability in SQLite affects IBM Security Network Protection (CVE-2015-3416) ](<http://www.ibm.com/support/docview.wss?uid=swg21974989>) | 2017-04-14 | 54 \n[1975835](<http://www.ibm.com/support/docview.wss?uid=swg21975835>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975835>) | 2017-04-14 | 55 \n[1979393](<http://www.ibm.com/support/docview.wss?uid=swg21979393>) | [Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-5300, CVE-2015-7704, and CVE-2015-8138)](<http://www.ibm.com/support/docview.wss?uid=swg21979393>) | 2017-04-14 | 56 \n[1984069](<http://www.ibm.com/support/docview.wss?uid=swg21984069>) | [IBM Security Network Protection firmware update 5.3.1.9 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21984069>) | 2017-05-09 | 57 \n[1993419](<http://www.ibm.com/support/docview.wss?uid=swg21993419>) | [Configuring logon session limit for IBM Security Network Protection 5.3.3.1](<http://www.ibm.com/support/docview.wss?uid=swg21993419>) | 2017-04-14 | 58 \n \n\\+ Firmware\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1688434](<http://www.ibm.com/support/docview.wss?uid=swg21688434>) | [Generating a support file on the IBM Security Network Protection appliance (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21688434>) | 2017-04-14 | 1 \n[1883739](<http://www.ibm.com/support/docview.wss?uid=swg21883739>) | [SNMP OID list for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21883739>) | 2018-05-01 | 2 \n[1685000](<http://www.ibm.com/support/docview.wss?uid=swg21685000>) | [IBM Security Network Protection (XGS) appliance reimage instructions using the USB device](<http://www.ibm.com/support/docview.wss?uid=swg21685000>) | 2017-04-14 | 3 \n[2010780](<http://www.ibm.com/support/docview.wss?uid=swg22010780>) | [IBM QRadar Network Security firmware update 5.4.0.3 readme](<http://www.ibm.com/support/docview.wss?uid=swg22010780>) | 2017-12-13 | 4 \n[2007210](<http://www.ibm.com/support/docview.wss?uid=swg22007210>) | [IBM QRadar Network Security firmware update 5.4.0.2 readme](<http://www.ibm.com/support/docview.wss?uid=swg22007210>) | 2017-12-05 | 5 \n[1959896](<http://www.ibm.com/support/docview.wss?uid=swg21959896>) | [Migrate policies before running Security Network Protection firmware updates](<http://www.ibm.com/support/docview.wss?uid=swg21959896>) | 2018-01-29 | 6 \n[2002664](<http://www.ibm.com/support/docview.wss?uid=swg22002664>) | [IBM QRadar Network Security firmware update 5.4.0.1 readme](<http://www.ibm.com/support/docview.wss?uid=swg22002664>) | 2017-12-05 | 7 \n[2010783](<http://www.ibm.com/support/docview.wss?uid=swg22010783>) | [IBM Security Network Protection firmware update 5.3.3.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22010783>) | 2017-12-13 | 8 \n[2002662](<http://www.ibm.com/support/docview.wss?uid=swg22002662>) | [IBM Security Network Protection firmware update 5.3.3.3 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg22002662>) | 2017-06-19 | 9 \n[2007211](<http://www.ibm.com/support/docview.wss?uid=swg22007211>) | [IBM Security Network Protection firmware update 5.3.3.4 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22007211>) | 2017-09-28 | 10 \n[1681609](<http://www.ibm.com/support/docview.wss?uid=swg21681609>) | [Mapping SiteProtector IBM QRadar Network Security IQNS (XGS) policy names to local appliance XML files](<http://www.ibm.com/support/docview.wss?uid=swg21681609>) | 2018-05-01 | 11 \n[2010784](<http://www.ibm.com/support/docview.wss?uid=swg22010784>) | [IBM Security Network Protection firmware update 5.3.1.15 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22010784>) | 2017-12-13 | 12 \n[1691157](<http://www.ibm.com/support/docview.wss?uid=swg21691157>) | [Security Network protection (XGS) Shared Object policies that are replaced after upgrade DBSP 3.1.1.2 and 3.1.1.3](<http://www.ibm.com/support/docview.wss?uid=swg21691157>) | 2018-05-01 | 13 \n[1964460](<http://www.ibm.com/support/docview.wss?uid=swg21964460>) | [IBM Security Network Protection Firmware Version 5.3.1.3 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21964460>) | 2017-08-24 | 14 \n[1961419](<http://www.ibm.com/support/docview.wss?uid=swg21961419>) | [IBM Security Network Protection Firmware Version 5.3.1.2 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21961419>) | 2017-10-16 | 15 \n[1990406](<http://www.ibm.com/support/docview.wss?uid=swg21990406>) | [Upgrade to IBM Security Network Protection (XGS) Firmware version 5.3.3 fails and causes the appliance un-configured.](<http://www.ibm.com/support/docview.wss?uid=swg21990406>) | 2017-04-14 | 16 \n[2007212](<http://www.ibm.com/support/docview.wss?uid=swg22007212>) | [IBM Security Network Protection firmware update 5.3.1.14 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22007212>) | 2017-09-28 | 17 \n[1902801](<http://www.ibm.com/support/docview.wss?uid=swg21902801>) | [IBM Infrastructure Security versioning information](<http://www.ibm.com/support/docview.wss?uid=swg21902801>) | 2017-08-24 | 18 \n[1961660](<http://www.ibm.com/support/docview.wss?uid=swg21961660>) | [Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Protection (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 ) ](<http://www.ibm.com/support/docview.wss?uid=swg21961660>) | 2018-02-15 | 19 \n[7047165](<http://www.ibm.com/support/docview.wss?uid=swg27047165>) | [Open Mic Webcast: What is new in the XGS v5.3.2 firmware release? - 9 December 2015 [includes link to replay] [presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047165>) | 2017-04-15 | 20 \n[1691283](<http://www.ibm.com/support/docview.wss?uid=swg21691283>) | [Missing SiteProtector Management page after updating to 5.3 firmware](<http://www.ibm.com/support/docview.wss?uid=swg21691283>) | 2018-05-01 | 21 \n[1961670](<http://www.ibm.com/support/docview.wss?uid=swg21961670>) | [Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422) ](<http://www.ibm.com/support/docview.wss?uid=swg21961670>) | 2018-02-15 | 22 \n[7048510](<http://www.ibm.com/support/docview.wss?uid=swg27048510>) | [Open Mic Webcast: About the XGS 5.3.3 firmware release - 25 August 2016 [includes link to replay] [presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27048510>) | 2017-04-15 | 23 \n[1957677](<http://www.ibm.com/support/docview.wss?uid=swg21957677>) | [Upgrading multiple firmware versions at one time on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21957677>) | 2017-08-09 | 24 \n[1959774](<http://www.ibm.com/support/docview.wss?uid=swg21959774>) | [IBM Security Network Protection Firmware Version 5.3.1.1 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21959774>) | 2018-05-01 | 25 \n[1961454](<http://www.ibm.com/support/docview.wss?uid=swg21961454>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21961454>) | 2018-02-15 | 26 \n[1965761](<http://www.ibm.com/support/docview.wss?uid=swg21965761>) | [Network Protection Firmware Version 5.3.1.4 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21965761>) | 2017-08-24 | 27 \n[1989974](<http://www.ibm.com/support/docview.wss?uid=swg21989974>) | [Unconfigured state after upgrading from 5.2 or 5.3.0.x to 5.3.3 on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989974>) | 2017-10-02 | 28 \n[2002663](<http://www.ibm.com/support/docview.wss?uid=swg22002663>) | [IBM Security Network Protection firmware update 5.3.1.13 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22002663>) | 2017-06-19 | 29 \n[2014163](<http://www.ibm.com/support/docview.wss?uid=swg22014163>) | [IBM Security Network Protection firmware update 5.3.1.16 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22014163>) | 2018-05-01 | 30 \n[2014164](<http://www.ibm.com/support/docview.wss?uid=swg22014164>) | [IBM Security Network Protection firmware update 5.3.3.6 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22014164>) | 2018-05-01 | 31 \n[2014165](<http://www.ibm.com/support/docview.wss?uid=swg22014165>) | [IBM QRadar Network Security firmware update 5.4.0.4 readme](<http://www.ibm.com/support/docview.wss?uid=swg22014165>) | 2018-05-01 | 32 \n[2015856](<http://www.ibm.com/support/docview.wss?uid=swg22015856>) | [End of support (EOS) announcement: IBM Security Network Protection (XGS) firmware versions 5.3.1 and 5.3.3](<http://www.ibm.com/support/docview.wss?uid=swg22015856>) | 2018-05-13 | 33 \n \n\\+ Fix Packs\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1696498](<http://www.ibm.com/support/docview.wss?uid=swg21696498>) | [5.3.0.4-ISS-XGS-All-Models-Hotfix-FP0001](<http://www.ibm.com/support/docview.wss?uid=swg21696498>) | 2017-04-14 | 1 \n \n\\+ General Information\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1644709](<http://www.ibm.com/support/docview.wss?uid=swg21644709>) | [IBM Security Network Protection XGS Appliance Support Lifecycle](<http://www.ibm.com/support/docview.wss?uid=swg21644709>) | 2018-05-15 | 1 \n[1993939](<http://www.ibm.com/support/docview.wss?uid=swg21993939>) | [IBM Qradar Network Security (IQNS) is Unhealthy in SiteProtector, with health check message: \"Management Certificate Authorities Status\"](<http://www.ibm.com/support/docview.wss?uid=swg21993939>) | 2018-05-01 | 2 \n[1994106](<http://www.ibm.com/support/docview.wss?uid=swg21994106>) | [Error: \"BUG: soft lockup - CPU#1 stuck for 67s!\" on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21994106>) | 2018-05-23 | 3 \n[1662575](<http://www.ibm.com/support/docview.wss?uid=swg21662575>) | [Configuring the IBM Security Network Protection (XGS) remote syslog to send events to QRadar SIEM](<http://www.ibm.com/support/docview.wss?uid=swg21662575>) | 2017-04-14 | 4 \n[1970829](<http://www.ibm.com/support/docview.wss?uid=swg21970829>) | [Call home server IP addresses for automated Service and Support requests](<http://www.ibm.com/support/docview.wss?uid=swg21970829>) | 2017-10-06 | 5 \n[7050516](<http://www.ibm.com/support/docview.wss?uid=swg27050516>) | [Open Mic Webcast: Frequently asked How-to questions for XGS - Thursday, 7 December 2017 (Includes link to replay; presentation is attached)](<http://www.ibm.com/support/docview.wss?uid=swg27050516>) | 2017-12-14 | 6 \n[1683796](<http://www.ibm.com/support/docview.wss?uid=swg21683796>) | [Configuring the management IP on the QRadar Network Security (XGS) appliance via serial console](<http://www.ibm.com/support/docview.wss?uid=swg21683796>) | 2018-05-01 | 7 \n[1639239](<http://www.ibm.com/support/docview.wss?uid=swg21639239>) | [ISS.mib file download](<http://www.ibm.com/support/docview.wss?uid=swg21639239>) | 2017-08-24 | 8 \n[1980543](<http://www.ibm.com/support/docview.wss?uid=swg21980543>) | [Checking the health of Security Network Protection and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980543>) | 2018-05-29 | 9 \n[1969670](<http://www.ibm.com/support/docview.wss?uid=swg21969670>) | [Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-5600) ](<http://www.ibm.com/support/docview.wss?uid=swg21969670>) | 2017-04-14 | 10 \n[1608008](<http://www.ibm.com/support/docview.wss?uid=swg21608008>) | [IBM Security Network Protection XGS 5000 Appliance Support Lifecycle](<http://www.ibm.com/support/docview.wss?uid=swg21608008>) | 2018-05-01 | 11 \n[1983893](<http://www.ibm.com/support/docview.wss?uid=swg21983893>) | [XFF header configuration on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983893>) | 2018-06-01 | 12 \n[1690064](<http://www.ibm.com/support/docview.wss?uid=swg21690064>) | [The Security Network Protection appliance Certificate Authority expires soon](<http://www.ibm.com/support/docview.wss?uid=swg21690064>) | 2018-05-01 | 13 \n[1687475](<http://www.ibm.com/support/docview.wss?uid=swg21687475>) | [Some XGS events are being allowed after setting the Block response](<http://www.ibm.com/support/docview.wss?uid=swg21687475>) | 2017-09-04 | 14 \n[1972163](<http://www.ibm.com/support/docview.wss?uid=swg21972163>) | [Security Network Protection (XGS) is in Offline status but events are seen in the SiteProtector Console](<http://www.ibm.com/support/docview.wss?uid=swg21972163>) | 2017-04-14 | 15 \n[1715537](<http://www.ibm.com/support/docview.wss?uid=swg21715537>) | [Known issues for IBM Security Network Protection version 5.3.1](<http://www.ibm.com/support/docview.wss?uid=swg21715537>) | 2018-05-04 | 16 \n[1667625](<http://www.ibm.com/support/docview.wss?uid=swg21667625>) | [Packet flow through the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21667625>) | 2018-05-01 | 17 \n[1973893](<http://www.ibm.com/support/docview.wss?uid=swg21973893>) | [Resolving \"certificate is invalid\" errors between SiteProtector and Security Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21973893>) | 2017-04-14 | 18 \n[1981483](<http://www.ibm.com/support/docview.wss?uid=swg21981483>) | [Resetting admin account credentials on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21981483>) | 2017-08-02 | 19 \n[1972077](<http://www.ibm.com/support/docview.wss?uid=swg21972077>) | [Registering a Security Network Protection appliance to SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21972077>) | 2017-04-14 | 20 \n[1980541](<http://www.ibm.com/support/docview.wss?uid=swg21980541>) | [Create alerts based on specific Security Network Protection (XGS) system alerts](<http://www.ibm.com/support/docview.wss?uid=swg21980541>) | 2017-04-14 | 21 \n[1981030](<http://www.ibm.com/support/docview.wss?uid=swg21981030>) | [OpenSignature setup and rule creation for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21981030>) | 2017-04-14 | 22 \n[2001013](<http://www.ibm.com/support/docview.wss?uid=swg22001013>) | [How to verify if FIPS mode is enabled on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22001013>) | 2018-05-01 | 23 \n[1983883](<http://www.ibm.com/support/docview.wss?uid=swg21983883>) | [Changing the hostname and agent name of a Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21983883>) | 2017-08-09 | 24 \n[7046863](<http://www.ibm.com/support/docview.wss?uid=swg27046863>) | [Open Mic Webcast: XGS High Availability and Bypass - 28 October 2015 [presentation is attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046863>) | 2017-04-15 | 25 \n[1968313](<http://www.ibm.com/support/docview.wss?uid=swg21968313>) | [Unable to open or edit Security Network Protection (XGS) policies from SiteProtector Console.](<http://www.ibm.com/support/docview.wss?uid=swg21968313>) | 2017-09-04 | 26 \n[7046480](<http://www.ibm.com/support/docview.wss?uid=swg27046480>) | [Open Mic Webcast: Configuring OpenSignature (SNORT) on XGS - 23 September 2015 [presentation slides are attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046480>) | 2017-04-15 | 27 \n[1695933](<http://www.ibm.com/support/docview.wss?uid=swg21695933>) | [Determining the hostname, MAC, and IP address of a QRadar Network Security appliance from a support file](<http://www.ibm.com/support/docview.wss?uid=swg21695933>) | 2018-05-23 | 28 \n[1982555](<http://www.ibm.com/support/docview.wss?uid=swg21982555>) | [Network Time Policy (NTP) cannot be modified](<http://www.ibm.com/support/docview.wss?uid=swg21982555>) | 2018-05-01 | 29 \n[1995795](<http://www.ibm.com/support/docview.wss?uid=swg21995795>) | [Replacing the self-signed certificate on Security Network Protection appliances](<http://www.ibm.com/support/docview.wss?uid=swg21995795>) | 2018-03-05 | 30 \n[1974447](<http://www.ibm.com/support/docview.wss?uid=swg21974447>) | [Exporting a previous policy version for QRadar Network Security in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21974447>) | 2018-02-25 | 31 \n[1981482](<http://www.ibm.com/support/docview.wss?uid=swg21981482>) | [Hardening the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21981482>) | 2018-05-21 | 32 \n[2008040](<http://www.ibm.com/support/docview.wss?uid=swg22008040>) | [Support for defanged IP addresses and URLs on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22008040>) | 2017-09-13 | 33 \n[2003988](<http://www.ibm.com/support/docview.wss?uid=swg22003988>) | [Troubleshooting and tuning the Malware Analysis feature in QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22003988>) | 2018-05-28 | 34 \n[2011003](<http://www.ibm.com/support/docview.wss?uid=swg22011003>) | [Verifying that NTP is working on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22011003>) | 2018-05-01 | 35 \n[1984940](<http://www.ibm.com/support/docview.wss?uid=swg21984940>) | [The number of concurrent sessions of IBM Security Network Protection differs from that on the data sheet.](<http://www.ibm.com/support/docview.wss?uid=swg21984940>) | 2017-05-24 | 36 \n[2010544](<http://www.ibm.com/support/docview.wss?uid=swg22010544>) | [Error: \"anyAddress: required field is null\" when saving a Host Address object for QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22010544>) | 2017-12-13 | 37 \n[1970499](<http://www.ibm.com/support/docview.wss?uid=swg21970499>) | [QRadar Network Security is Unhealthy in SiteProtector due to disconnected monitoring interfaces](<http://www.ibm.com/support/docview.wss?uid=swg21970499>) | 2017-09-26 | 38 \n[1977762](<http://www.ibm.com/support/docview.wss?uid=swg21977762>) | [Inspecting IPv6 traffic that uses the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21977762>) | 2018-05-01 | 39 \n[2002825](<http://www.ibm.com/support/docview.wss?uid=swg22002825>) | [Troubleshooting email responses not working on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22002825>) | 2018-05-01 | 40 \n[7049119](<http://www.ibm.com/support/docview.wss?uid=swg27049119>) | [Open Mic Webcast: XGS version 5.3.3.1 - Wednesday, December 14, 2016 (Includes link to replay and corrected slide deck)](<http://www.ibm.com/support/docview.wss?uid=swg27049119>) | 2017-04-15 | 41 \n[1959895](<http://www.ibm.com/support/docview.wss?uid=swg21959895>) | [Locating CVE-related bulletins for your Infrastructure Security product](<http://www.ibm.com/support/docview.wss?uid=swg21959895>) | 2017-08-24 | 42 \n[1994079](<http://www.ibm.com/support/docview.wss?uid=swg21994079>) | [ISNP/IQNS (XGS) Open Mic Presentation Index ](<http://www.ibm.com/support/docview.wss?uid=swg21994079>) | 2017-06-05 | 43 \n[7048201](<http://www.ibm.com/support/docview.wss?uid=swg27048201>) | [Open Mic Webcast: A new vulnerability has been discovered - How do I protect my network using IBM Network Security Protection? Thursday, 30 June 2016 [Includes link to replay. Presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27048201>) | 2017-04-15 | 44 \n[1688889](<http://www.ibm.com/support/docview.wss?uid=swg21688889>) | [XGS reports an event matching a non-existent rule in the Network Access Policy ](<http://www.ibm.com/support/docview.wss?uid=swg21688889>) | 2017-08-04 | 45 \n[1690336](<http://www.ibm.com/support/docview.wss?uid=swg21690336>) | [Migrate XGS policies before running 5.3 firmware update](<http://www.ibm.com/support/docview.wss?uid=swg21690336>) | 2017-09-04 | 46 \n[1967068](<http://www.ibm.com/support/docview.wss?uid=swg21967068>) | [\"Verifying checksums...\" displayed on the LCD of the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21967068>) | 2017-10-17 | 47 \n[1996658](<http://www.ibm.com/support/docview.wss?uid=swg21996658>) | [IBM Security Network Protection (XGS) generated support file has 0 Kb file size](<http://www.ibm.com/support/docview.wss?uid=swg21996658>) | 2018-05-01 | 48 \n[7048226](<http://www.ibm.com/support/docview.wss?uid=swg27048226>) | [IBM Support Open Mic Replay: Ask the InfraStructure Security Experts - 27 July 2016 [OpenSignature presentation is attached] ](<http://www.ibm.com/support/docview.wss?uid=swg27048226>) | 2017-04-15 | 49 \n[1645456](<http://www.ibm.com/support/docview.wss?uid=swg21645456>) | [Must exclude protection interface IP address from proxy configuration for IBM Security Network Protection appliances placed between users and proxy servers](<http://www.ibm.com/support/docview.wss?uid=swg21645456>) | 2017-04-14 | 50 \n[1685118](<http://www.ibm.com/support/docview.wss?uid=swg21685118>) | [Issues with Firefox version 31.x and 32.x and outbound SSL inspection using the IBM Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21685118>) | 2017-08-29 | 51 \n[1697063](<http://www.ibm.com/support/docview.wss?uid=swg21697063>) | [Fixes included in 5.3.0.4-ISS-XGS-All-Models-Hotfix-FP0002 ](<http://www.ibm.com/support/docview.wss?uid=swg21697063>) | 2017-04-14 | 52 \n[1701033](<http://www.ibm.com/support/docview.wss?uid=swg21701033>) | [SNMP traffic lists protection interface address as source IP address](<http://www.ibm.com/support/docview.wss?uid=swg21701033>) | 2017-04-14 | 53 \n[1884020](<http://www.ibm.com/support/docview.wss?uid=swg21884020>) | [SiteProtector System does not display correct IP address for Network Security appliance in NAT environment](<http://www.ibm.com/support/docview.wss?uid=swg21884020>) | 2017-04-14 | 54 \n[1993269](<http://www.ibm.com/support/docview.wss?uid=swg21993269>) | [Firewall rules necessary to ensure X-Force Exchange site access](<http://www.ibm.com/support/docview.wss?uid=swg21993269>) | 2017-04-14 | 55 \n[1993349](<http://www.ibm.com/support/docview.wss?uid=swg21993349>) | [Impact of the 2016-12-31 leap second IBM Security Infrastructure products](<http://www.ibm.com/support/docview.wss?uid=swg21993349>) | 2018-05-23 | 56 \n[2002060](<http://www.ibm.com/support/docview.wss?uid=swg22002060>) | [ISNP/IQNS (XGS) YouTube Video Index](<http://www.ibm.com/support/docview.wss?uid=swg22002060>) | 2017-07-05 | 57 \n[7046993](<http://www.ibm.com/support/docview.wss?uid=swg27046993>) | [Open Mic Webcast: So I just deployed the IBM Security Network Protection Appliance - what do I do next? 18 November 2015 [Includes link to replay] [Slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27046993>) | 2017-06-05 | 58 \n[1599354](<http://www.ibm.com/support/docview.wss?uid=swg21599354>) | [Security Systems My Notifications subscription instructions](<http://www.ibm.com/support/docview.wss?uid=swg21599354>) | 2017-04-14 | 59 \n[1655377](<http://www.ibm.com/support/docview.wss?uid=swg21655377>) | [Security Bulletin: Security Network Protection is affected by a cross-site scripting vulnerability (CVE-2013-5442)](<http://www.ibm.com/support/docview.wss?uid=swg21655377>) | 2018-02-15 | 60 \n[1667602](<http://www.ibm.com/support/docview.wss?uid=swg21667602>) | [Encryption used by the Network Protection (XGS) when communicating with ibmxpu.flexnetoperations.com](<http://www.ibm.com/support/docview.wss?uid=swg21667602>) | 2018-05-01 | 61 \n[1688002](<http://www.ibm.com/support/docview.wss?uid=swg21688002>) | [Known Issues for IBM Security Network Protection Firmware Version 5.3](<http://www.ibm.com/support/docview.wss?uid=swg21688002>) | 2017-04-14 | 62 \n[1692094](<http://www.ibm.com/support/docview.wss?uid=swg21692094>) | [Network Protection policies are missing from SiteProtector after upgrading firmware to 5.3 or 5.3.0.1](<http://www.ibm.com/support/docview.wss?uid=swg21692094>) | 2018-05-01 | 63 \n[1697667](<http://www.ibm.com/support/docview.wss?uid=swg21697667>) | [5.3.0.1-ISS-XGS-All-Models-Hotfix-FP0001 ](<http://www.ibm.com/support/docview.wss?uid=swg21697667>) | 2017-04-14 | 64 \n[1963637](<http://www.ibm.com/support/docview.wss?uid=swg21963637>) | [Disabling QRadar Network Security event posting to SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21963637>) | 2017-09-26 | 65 \n[1966075](<http://www.ibm.com/support/docview.wss?uid=swg21966075>) | [Severity-based event responses on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966075>) | 2017-09-11 | 66 \n[1969771](<http://www.ibm.com/support/docview.wss?uid=swg21969771>) | [Security Bulletin: A vulnerability in Pluggable Authentication Modules (PAM) affects IBM Security Network Protection (CVE-2015-3238)](<http://www.ibm.com/support/docview.wss?uid=swg21969771>) | 2017-04-14 | 67 \n[1980537](<http://www.ibm.com/support/docview.wss?uid=swg21980537>) | [Disabling TCP timestamps on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980537>) | 2018-05-28 | 68 \n[1984726](<http://www.ibm.com/support/docview.wss?uid=swg21984726>) | [Security Network Protection (XGS) appliances send packets out of order](<http://www.ibm.com/support/docview.wss?uid=swg21984726>) | 2018-05-01 | 69 \n[1988858](<http://www.ibm.com/support/docview.wss?uid=swg21988858>) | [Determine whether the XGS 5100 requires a 5.3.2.3 LCD Hotfix](<http://www.ibm.com/support/docview.wss?uid=swg21988858>) | 2017-08-24 | 70 \n[7048767](<http://www.ibm.com/support/docview.wss?uid=swg27048767>) | [Open Mic replay: Basic Troubleshooting of XGS - 22 September 2016 ](<http://www.ibm.com/support/docview.wss?uid=swg27048767>) | 2017-04-15 | 71 \n[1643250](<http://www.ibm.com/support/docview.wss?uid=swg21643250>) | [IBM Security Systems Infrastructure product aliases](<http://www.ibm.com/support/docview.wss?uid=swg21643250>) | 2017-09-04 | 72 \n[1665279](<http://www.ibm.com/support/docview.wss?uid=swg21665279>) | [Security Bulletin: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language (CVE-2013-4492, CVE-2013-4164)](<http://www.ibm.com/support/docview.wss?uid=swg21665279>) | 2018-02-15 | 73 \n[1686343](<http://www.ibm.com/support/docview.wss?uid=swg21686343>) | [Confirm user name and reset password for the Logon-event Scanner](<http://www.ibm.com/support/docview.wss?uid=swg21686343>) | 2018-05-01 | 74 \n[1689782](<http://www.ibm.com/support/docview.wss?uid=swg21689782>) | [System Error Top 10 Applications: Unable to retrieve the data requested](<http://www.ibm.com/support/docview.wss?uid=swg21689782>) | 2017-04-14 | 75 \n[1987547](<http://www.ibm.com/support/docview.wss?uid=swg21987547>) | [Where can a customer obtain information about new network attacks? ](<http://www.ibm.com/support/docview.wss?uid=swg21987547>) | 2017-07-08 | 76 \n[1987984](<http://www.ibm.com/support/docview.wss?uid=swg21987984>) | [System Event code list for IBM Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21987984>) | 2018-06-03 | 77 \n[1988153](<http://www.ibm.com/support/docview.wss?uid=swg21988153>) | [Obtaining information about protection against new network attacks](<http://www.ibm.com/support/docview.wss?uid=swg21988153>) | 2017-09-18 | 78 \n[2011432](<http://www.ibm.com/support/docview.wss?uid=swg22011432>) | [FNXUD0002I system events in Monitoring mode on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22011432>) | 2018-02-19 | 79 \n \n\\+ Hardware\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1680286](<http://www.ibm.com/support/docview.wss?uid=swg21680286>) | [IBM QRadar Network Security IQNS (XGS) 3100/4100/5100/7100 hardware comparison and NIM configurations](<http://www.ibm.com/support/docview.wss?uid=swg21680286>) | 2018-05-01 | 1 \n[1455876](<http://www.ibm.com/support/docview.wss?uid=swg21455876>) | [Obtaining the serial number and model number from an IBM Security or Proventia appliance](<http://www.ibm.com/support/docview.wss?uid=swg21455876>) | 2018-01-01 | 2 \n[1684986](<http://www.ibm.com/support/docview.wss?uid=swg21684986>) | [Running Platform Hardware Diagnostics utility on the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21684986>) | 2018-05-01 | 3 \n[1691051](<http://www.ibm.com/support/docview.wss?uid=swg21691051>) | [IBM QRadar Network Security IQNS (XGS) appliance High Availability (HA) cabling guide](<http://www.ibm.com/support/docview.wss?uid=swg21691051>) | 2018-05-01 | 4 \n[1697576](<http://www.ibm.com/support/docview.wss?uid=swg21697576>) | [IBM Security RMA form](<http://www.ibm.com/support/docview.wss?uid=swg21697576>) | 2018-05-01 | 5 \n[1962052](<http://www.ibm.com/support/docview.wss?uid=swg21962052>) | [Customer Replaceable Unit (CRU) parts for IBM Infrastructure Security products](<http://www.ibm.com/support/docview.wss?uid=swg21962052>) | 2017-04-14 | 6 \n[1959769](<http://www.ibm.com/support/docview.wss?uid=swg21959769>) | [LED status indicators on the IBM Security Network Protection (XGS) and IBM Security Network Intrusion Prevention System (GX) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21959769>) | 2018-05-01 | 7 \n[1959487](<http://www.ibm.com/support/docview.wss?uid=swg21959487>) | [Locating the serial number on IBM Security Network Protection (XGS) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21959487>) | 2018-05-01 | 8 \n[1984376](<http://www.ibm.com/support/docview.wss?uid=swg21984376>) | [The Security Network Protection XGS 5100 10G NIMs are not recognized ](<http://www.ibm.com/support/docview.wss?uid=swg21984376>) | 2017-08-28 | 9 \n[1964988](<http://www.ibm.com/support/docview.wss?uid=swg21964988>) | [Configuring management interface link speed and duplex settings for QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964988>) | 2017-09-04 | 10 \n[1980532](<http://www.ibm.com/support/docview.wss?uid=swg21980532>) | [IBM Security Network Protection (XGS) 7100 requires Network Interface Modules (NIM) with firmware 1.6.0 or higher](<http://www.ibm.com/support/docview.wss?uid=swg21980532>) | 2017-04-14 | 11 \n[2004899](<http://www.ibm.com/support/docview.wss?uid=swg22004899>) | [Hardware health check interval on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004899>) | 2017-11-10 | 12 \n[1977921](<http://www.ibm.com/support/docview.wss?uid=swg21977921>) | [Speed and duplex settings are grayed out when using a 10G NIM module on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21977921>) | 2018-05-06 | 13 \n[2004680](<http://www.ibm.com/support/docview.wss?uid=swg22004680>) | [Manufacturing information for IBM Security hardware](<http://www.ibm.com/support/docview.wss?uid=swg22004680>) | 2018-05-21 | 14 \n[1883752](<http://www.ibm.com/support/docview.wss?uid=swg21883752>) | [Fiber optic cable types that can be used with the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21883752>) | 2017-04-14 | 15 \n[1903077](<http://www.ibm.com/support/docview.wss?uid=swg21903077>) | [Log information indicating A/C power reset is needed on IQNS](<http://www.ibm.com/support/docview.wss?uid=swg21903077>) | 2018-05-01 | 16 \n[1987913](<http://www.ibm.com/support/docview.wss?uid=swg21987913>) | [Link down to the network switch after restarting IBM Security Network Protection XGS 7100](<http://www.ibm.com/support/docview.wss?uid=swg21987913>) | 2017-04-14 | 17 \n[2001134](<http://www.ibm.com/support/docview.wss?uid=swg22001134>) | [Securely wipe a QRadar Network Security appliance](<http://www.ibm.com/support/docview.wss?uid=swg22001134>) | 2018-05-06 | 18 \n[1977445](<http://www.ibm.com/support/docview.wss?uid=swg21977445>) | [QRadar Network Security support for USB 3.0](<http://www.ibm.com/support/docview.wss?uid=swg21977445>) | 2018-05-01 | 19 \n \n\\+ Identity\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1667633](<http://www.ibm.com/support/docview.wss?uid=swg21667633>) | [Policy differences between the Security Network IPS and Security Network Protection System](<http://www.ibm.com/support/docview.wss?uid=swg21667633>) | 2018-05-01 | 1 \n[1980526](<http://www.ibm.com/support/docview.wss?uid=swg21980526>) | [Error: \"side-by-side configuration is incorrect\" when starting Security Logon Event Scanner](<http://www.ibm.com/support/docview.wss?uid=swg21980526>) | 2017-06-10 | 2 \n[1593164](<http://www.ibm.com/support/docview.wss?uid=swg21593164>) | [Downloading the Security Logon-event Scanner software](<http://www.ibm.com/support/docview.wss?uid=swg21593164>) | 2017-06-10 | 3 \n[1981955](<http://www.ibm.com/support/docview.wss?uid=swg21981955>) | [Common issues when configuring Passive Authentication and the Logon-event Scanner for the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21981955>) | 2017-04-23 | 4 \n[1980531](<http://www.ibm.com/support/docview.wss?uid=swg21980531>) | [Security Network Protection Passive Authentication is logging events from authenticated users as \"unauthenticated user\"](<http://www.ibm.com/support/docview.wss?uid=swg21980531>) | 2017-08-02 | 5 \n[1990089](<http://www.ibm.com/support/docview.wss?uid=swg21990089>) | [Installing Logon-event Scanner version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990089>) | 2017-05-24 | 6 \n[1667487](<http://www.ibm.com/support/docview.wss?uid=swg21667487>) | [Authentication portal session timeout information for the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21667487>) | 2018-05-01 | 7 \n[1698729](<http://www.ibm.com/support/docview.wss?uid=swg21698729>) | [Error when adding Remote Identity Objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21698729>) | 2017-04-14 | 8 \n[1990094](<http://www.ibm.com/support/docview.wss?uid=swg21990094>) | [No active sessions in Security Network Protection (XGS) after installing Logon-event Scanner version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990094>) | 2017-07-12 | 9 \n[2004901](<http://www.ibm.com/support/docview.wss?uid=swg22004901>) | [Active Directory authentication fails on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004901>) | 2017-12-13 | 10 \n[1695029](<http://www.ibm.com/support/docview.wss?uid=swg21695029>) | [Configuring protection interfaces for the Captive Authentication portal](<http://www.ibm.com/support/docview.wss?uid=swg21695029>) | 2018-05-01 | 11 \n[1672960](<http://www.ibm.com/support/docview.wss?uid=swg21672960>) | [Error when trying to add Remote Identity objects on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21672960>) | 2017-09-26 | 12 \n[1696727](<http://www.ibm.com/support/docview.wss?uid=swg21696727>) | [Logon-event Scanner service stops on the Active Directory server](<http://www.ibm.com/support/docview.wss?uid=swg21696727>) | 2018-05-01 | 13 \n[1990090](<http://www.ibm.com/support/docview.wss?uid=swg21990090>) | [Managing Logon-event Scanner Version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990090>) | 2017-04-14 | 14 \n[1649622](<http://www.ibm.com/support/docview.wss?uid=swg21649622>) | [Inbound connections fail when user authentication does not include a destination object specifying which adapters are external](<http://www.ibm.com/support/docview.wss?uid=swg21649622>) | 2017-04-14 | 15 \n[1696728](<http://www.ibm.com/support/docview.wss?uid=swg21696728>) | [Logon-event Scanner is unable to process Russian characters](<http://www.ibm.com/support/docview.wss?uid=swg21696728>) | 2017-04-14 | 16 \n[1973114](<http://www.ibm.com/support/docview.wss?uid=swg21973114>) | [Security Logon-event Scanner does not report active sessions when domain names do not match](<http://www.ibm.com/support/docview.wss?uid=swg21973114>) | 2017-04-23 | 17 \n[1975846](<http://www.ibm.com/support/docview.wss?uid=swg21975846>) | [Network Protection (XGS) - Passively authenticated users or group-based NAP rules do not match](<http://www.ibm.com/support/docview.wss?uid=swg21975846>) | 2018-05-01 | 18 \n[1980530](<http://www.ibm.com/support/docview.wss?uid=swg21980530>) | [Security Logon-event Scanner Domain Administrator account is not seen as an active session by the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21980530>) | 2018-05-28 | 19 \n[1980552](<http://www.ibm.com/support/docview.wss?uid=swg21980552>) | [Logon-event Scanner can no longer communicate with the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21980552>) | 2017-05-28 | 20 \n \n\\+ Installation\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1964546](<http://www.ibm.com/support/docview.wss?uid=swg21964546>) | [IBM QRadar Network Security IQNS (XGS) and Security Network IPS (GX) cabling guidelines](<http://www.ibm.com/support/docview.wss?uid=swg21964546>) | 2018-05-01 | 1 \n[1964989](<http://www.ibm.com/support/docview.wss?uid=swg21964989>) | [Error: \"Character content other than whitespace\" after reimaging or updating an XGS sensor](<http://www.ibm.com/support/docview.wss?uid=swg21964989>) | 2017-09-04 | 2 \n[1962633](<http://www.ibm.com/support/docview.wss?uid=swg21962633>) | [IBM Security Network Protection (XGS) and Network Intrusion Prevention (IPS) install guidelines after a replacement unit (RMA) was received](<http://www.ibm.com/support/docview.wss?uid=swg21962633>) | 2017-06-19 | 3 \n[1962593](<http://www.ibm.com/support/docview.wss?uid=swg21962593>) | [Moving Security Network Protection policies to a new SiteProtector system](<http://www.ibm.com/support/docview.wss?uid=swg21962593>) | 2017-04-14 | 4 \n[1694346](<http://www.ibm.com/support/docview.wss?uid=swg21694346>) | [Security Network Protection (XGS) System error when registing with SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21694346>) | 2018-05-01 | 5 \n \n\\+ Interim Fixes\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1966077](<http://www.ibm.com/support/docview.wss?uid=swg21966077>) | [Certificate \"expired or is near expiration\" message after you import a new LMI certificate on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966077>) | 2017-09-18 | 1 \n[1677166](<http://www.ibm.com/support/docview.wss?uid=swg21677166>) | [Fixes and patches available for IBM Security products](<http://www.ibm.com/support/docview.wss?uid=swg21677166>) | 2018-05-13 | 2 \n[1700713](<http://www.ibm.com/support/docview.wss?uid=swg21700713>) | [IBM Security Network Protection (XGS) firmware 5.3.0.5 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21700713>) | 2018-05-01 | 3 \n[1961507](<http://www.ibm.com/support/docview.wss?uid=swg21961507>) | [Security Network Protection sensor vulnerability to CVE-2014-2532](<http://www.ibm.com/support/docview.wss?uid=swg21961507>) | 2017-10-23 | 4 \n[1902778](<http://www.ibm.com/support/docview.wss?uid=swg21902778>) | [Security Network Protection firmware 5.3.1 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21902778>) | 2018-05-01 | 5 \n[1960788](<http://www.ibm.com/support/docview.wss?uid=swg21960788>) | [5.3.1.1-ISS-XGS-All-Models-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21960788>) | 2018-05-01 | 6 \n[2000334](<http://www.ibm.com/support/docview.wss?uid=swg22000334>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0003](<http://www.ibm.com/support/docview.wss?uid=swg22000334>) | 2017-06-30 | 7 \n[1959193](<http://www.ibm.com/support/docview.wss?uid=swg21959193>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0009 ](<http://www.ibm.com/support/docview.wss?uid=swg21959193>) | 2018-05-13 | 8 \n[1959666](<http://www.ibm.com/support/docview.wss?uid=swg21959666>) | [5.3.0.6-ISS-XGS-All-Models-IF0002](<http://www.ibm.com/support/docview.wss?uid=swg21959666>) | 2018-05-21 | 9 \n[1972784](<http://www.ibm.com/support/docview.wss?uid=swg21972784>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0013](<http://www.ibm.com/support/docview.wss?uid=swg21972784>) | 2017-04-14 | 10 \n[1690659](<http://www.ibm.com/support/docview.wss?uid=swg21690659>) | [5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001](<http://www.ibm.com/support/docview.wss?uid=swg21690659>) | 2017-04-14 | 11 \n[1664576](<http://www.ibm.com/support/docview.wss?uid=swg21664576>) | [5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0002](<http://www.ibm.com/support/docview.wss?uid=swg21664576>) | 2017-04-14 | 12 \n[1681073](<http://www.ibm.com/support/docview.wss?uid=swg21681073>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0006](<http://www.ibm.com/support/docview.wss?uid=swg21681073>) | 2017-06-24 | 13 \n[1685298](<http://www.ibm.com/support/docview.wss?uid=swg21685298>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0004](<http://www.ibm.com/support/docview.wss?uid=swg21685298>) | 2018-05-01 | 14 \n[1685299](<http://www.ibm.com/support/docview.wss?uid=swg21685299>) | [5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0012](<http://www.ibm.com/support/docview.wss?uid=swg21685299>) | 2018-05-01 | 15 \n[1685300](<http://www.ibm.com/support/docview.wss?uid=swg21685300>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0007](<http://www.ibm.com/support/docview.wss?uid=swg21685300>) | 2018-05-01 | 16 \n[1685301](<http://www.ibm.com/support/docview.wss?uid=swg21685301>) | [5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21685301>) | 2018-05-01 | 17 \n[1685302](<http://www.ibm.com/support/docview.wss?uid=swg21685302>) | [5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0004](<http://www.ibm.com/support/docview.wss?uid=swg21685302>) | 2018-05-01 | 18 \n[1690850](<http://www.ibm.com/support/docview.wss?uid=swg21690850>) | [5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013](<http://www.ibm.com/support/docview.wss?uid=swg21690850>) | 2017-04-14 | 19 \n[1690851](<http://www.ibm.com/support/docview.wss?uid=swg21690851>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21690851>) | 2017-04-14 | 20 \n[1693604](<http://www.ibm.com/support/docview.wss?uid=swg21693604>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0006](<http://www.ibm.com/support/docview.wss?uid=swg21693604>) | 2017-04-14 | 21 \n[1696054](<http://www.ibm.com/support/docview.wss?uid=swg21696054>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0007](<http://www.ibm.com/support/docview.wss?uid=swg21696054>) | 2018-05-01 | 22 \n[1700617](<http://www.ibm.com/support/docview.wss?uid=swg21700617>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21700617>) | 2017-04-23 | 23 \n[1903749](<http://www.ibm.com/support/docview.wss?uid=swg21903749>) | [5.3.0.6-ISS-XGS-All-Models-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21903749>) | 2018-05-01 | 24 \n[1960784](<http://www.ibm.com/support/docview.wss?uid=swg21960784>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP00010](<http://www.ibm.com/support/docview.wss?uid=swg21960784>) | 2018-05-01 | 25 \n[1960785](<http://www.ibm.com/support/docview.wss?uid=swg21960785>) | [5.3.0.6-ISS-XGS-All-Models-IF0003](<http://www.ibm.com/support/docview.wss?uid=swg21960785>) | 2018-05-21 | 26 \n[1968790](<http://www.ibm.com/support/docview.wss?uid=swg21968790>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012](<http://www.ibm.com/support/docview.wss?uid=swg21968790>) | 2017-09-26 | 27 \n[1975563](<http://www.ibm.com/support/docview.wss?uid=swg21975563>) | [5.3.1.7-ISS-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21975563>) | 2017-04-14 | 28 \n \n\\+ Intrusion Prevention Module (IPM)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1680386](<http://www.ibm.com/support/docview.wss?uid=swg21680386>) | [Migrating existing Security Network IPS policies to the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21680386>) | 2018-05-01 | 1 \n[1962048](<http://www.ibm.com/support/docview.wss?uid=swg21962048>) | [Difference between Allow and Ignore in the IPS Event Filter Policy on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21962048>) | 2017-09-04 | 2 \n[1695087](<http://www.ibm.com/support/docview.wss?uid=swg21695087>) | [Warning: RSYSLOG response: LEEF message is truncated, IBM QRadar Network Security IQNS (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21695087>) | 2018-05-01 | 3 \n[1958077](<http://www.ibm.com/support/docview.wss?uid=swg21958077>) | [XML content of policy export on Network IPS and Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21958077>) | 2017-08-02 | 4 \n[1660083](<http://www.ibm.com/support/docview.wss?uid=swg21660083>) | [QRadar SIEM only logging Network Access events but not IPS Security Events from Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21660083>) | 2017-04-14 | 5 \n[1687457](<http://www.ibm.com/support/docview.wss?uid=swg21687457>) | [Certain security events can only be used in the Default IPS policy object on the IBM QRadar Network Security IQNS/XGS sensor](<http://www.ibm.com/support/docview.wss?uid=swg21687457>) | 2018-05-01 | 6 \n[7047767](<http://www.ibm.com/support/docview.wss?uid=swg27047767>) | [XGS Open Mic Webcast: Application Control and IP Reputation Demystified! Thursday, 31 March 2016 [Includes attached presentation and link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27047767>) | 2017-04-15 | 7 \n[1682385](<http://www.ibm.com/support/docview.wss?uid=swg21682385>) | [IBM Qradar Network Security -IQNS (XGS) not firing IPS events after being registered in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21682385>) | 2018-05-01 | 8 \n[1963728](<http://www.ibm.com/support/docview.wss?uid=swg21963728>) | [IBM Security Network Protection (XGS) security events UNIX timestamp conversion tool](<http://www.ibm.com/support/docview.wss?uid=swg21963728>) | 2017-04-16 | 9 \n[1696200](<http://www.ibm.com/support/docview.wss?uid=swg21696200>) | [Logging URL data from Network Access events](<http://www.ibm.com/support/docview.wss?uid=swg21696200>) | 2018-05-01 | 10 \n[1699305](<http://www.ibm.com/support/docview.wss?uid=swg21699305>) | [System error shows \"Issue ID: value already exists\" when attempting to add/edit IPS Event Filter rules](<http://www.ibm.com/support/docview.wss?uid=swg21699305>) | 2017-04-14 | 11 \n \n\\+ Licensing and Updates (LUM)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1679077](<http://www.ibm.com/support/docview.wss?uid=swg21679077>) | [Steps to generate or regenerate license keys from the IBM License Key Center](<http://www.ibm.com/support/docview.wss?uid=swg21679077>) | 2018-05-01 | 1 \n[1680383](<http://www.ibm.com/support/docview.wss?uid=swg21680383>) | [IBM QRadar Network Security IQNS (XGS) licensing summary](<http://www.ibm.com/support/docview.wss?uid=swg21680383>) | 2018-05-01 | 2 \n[1437057](<http://www.ibm.com/support/docview.wss?uid=swg21437057>) | [Firewall rules necessary to ensure that IBM Security and Lotus Protector for Mail Security Products can update](<http://www.ibm.com/support/docview.wss?uid=swg21437057>) | 2017-09-10 | 3 \n[1965396](<http://www.ibm.com/support/docview.wss?uid=swg21965396>) | [Best practices for firmware upgrades on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21965396>) | 2017-06-10 | 4 \n[1961077](<http://www.ibm.com/support/docview.wss?uid=swg21961077>) | [Manually applying updates on the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21961077>) | 2017-05-13 | 5 \n[1678995](<http://www.ibm.com/support/docview.wss?uid=swg21678995>) | [IBM QRadar Network Security IQNS (XGS) does not apply all currently entitled licenses after it is registered with SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21678995>) | 2018-05-01 | 6 \n[1964486](<http://www.ibm.com/support/docview.wss?uid=swg21964486>) | [Internet access configuration for Application Database updates on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964486>) | 2018-05-01 | 7 \n[1693920](<http://www.ibm.com/support/docview.wss?uid=swg21693920>) | [Network Protection (XGS) firmware update fails to install](<http://www.ibm.com/support/docview.wss?uid=swg21693920>) | 2018-05-01 | 8 \n[1610380](<http://www.ibm.com/support/docview.wss?uid=swg21610380>) | [Adding or Changing Registered End Users (REUs) in Flexera Licensing Key Center (LKC)](<http://www.ibm.com/support/docview.wss?uid=swg21610380>) | 2017-09-07 | 9 \n[1988156](<http://www.ibm.com/support/docview.wss?uid=swg21988156>) | [Security Network Protection license refresh timing in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21988156>) | 2017-04-14 | 10 \n[1996659](<http://www.ibm.com/support/docview.wss?uid=swg21996659>) | [GLGUP1012E alerts on IBM Security Network Protection (XGS) not configured for internet access](<http://www.ibm.com/support/docview.wss?uid=swg21996659>) | 2018-05-01 | 11 \n[1970863](<http://www.ibm.com/support/docview.wss?uid=swg21970863>) | [Possible memory leak in 5.3.1.5 firmware release](<http://www.ibm.com/support/docview.wss?uid=swg21970863>) | 2017-04-14 | 12 \n[1986089](<http://www.ibm.com/support/docview.wss?uid=swg21986089>) | [License expiration date does not change after adding a new license to the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21986089>) | 2017-08-28 | 13 \n[1975847](<http://www.ibm.com/support/docview.wss?uid=swg21975847>) | [Unable to find recently purchased licenses for IBM Security products](<http://www.ibm.com/support/docview.wss?uid=swg21975847>) | 2018-05-01 | 14 \n \n\\+ Local Management Interface (LMI)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[2007513](<http://www.ibm.com/support/docview.wss?uid=swg22007513>) | [Error: \"Failed to find an app server\" and web interface not accessible on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22007513>) | 2017-09-08 | 1 \n[1976862](<http://www.ibm.com/support/docview.wss?uid=swg21976862>) | [LMI certificate management on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976862>) | 2018-02-26 | 2 \n[1983851](<http://www.ibm.com/support/docview.wss?uid=swg21983851>) | [Change the Security Network Protection (XGS) default administrator password in the Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21983851>) | 2018-05-01 | 3 \n[1766545](<http://www.ibm.com/support/docview.wss?uid=swg21766545>) | [Configuring multiple accounts for LMI and CLI on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21766545>) | 2018-05-20 | 4 \n[1983880](<http://www.ibm.com/support/docview.wss?uid=swg21983880>) | [Token-based two-factor authentication on QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983880>) | 2017-05-28 | 5 \n[1883738](<http://www.ibm.com/support/docview.wss?uid=swg21883738>) | [Disabling weak ciphers for the LMI of the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21883738>) | 2018-02-01 | 6 \n[1988154](<http://www.ibm.com/support/docview.wss?uid=swg21988154>) | [Internet Explorer Compatibility View mode causes LMI issues on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21988154>) | 2017-08-28 | 7 \n[1969071](<http://www.ibm.com/support/docview.wss?uid=swg21969071>) | [LMI is inaccessible after replacing the certificate on QRadar Network Protection (XGS) sensors](<http://www.ibm.com/support/docview.wss?uid=swg21969071>) | 2017-10-01 | 8 \n[1990349](<http://www.ibm.com/support/docview.wss?uid=swg21990349>) | [Error: \"The page you were looking for doesn't exist\" on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990349>) | 2017-04-14 | 9 \n[1595890](<http://www.ibm.com/support/docview.wss?uid=swg21595890>) | [Supported Browsers for the IBM Security Network Protection Appliance](<http://www.ibm.com/support/docview.wss?uid=swg21595890>) | 2017-04-14 | 10 \n[1682813](<http://www.ibm.com/support/docview.wss?uid=swg21682813>) | [Blank Interface Statistics Graphs in the Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21682813>) | 2018-05-01 | 11 \n[1970018](<http://www.ibm.com/support/docview.wss?uid=swg21970018>) | [Certficate in Awaiting CA Certificate Upload status for the Security Network Protection LMI](<http://www.ibm.com/support/docview.wss?uid=swg21970018>) | 2017-04-14 | 12 \n[1983898](<http://www.ibm.com/support/docview.wss?uid=swg21983898>) | [Unable to access LMI after applying fix pack 5.3.X-ISS-XGS-Remove-LMI-Certs to a Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21983898>) | 2017-04-14 | 13 \n[1968985](<http://www.ibm.com/support/docview.wss?uid=swg21968985>) | [Unable to access the LMI in Firefox after configuring FIPS on the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21968985>) | 2017-04-14 | 14 \n[2000598](<http://www.ibm.com/support/docview.wss?uid=swg22000598>) | [Unable to add SNMP object to Security Network Protection at firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000598>) | 2018-05-01 | 15 \n[1713633](<http://www.ibm.com/support/docview.wss?uid=swg21713633>) | [Local event data retention settings on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21713633>) | 2018-05-28 | 16 \n[1963516](<http://www.ibm.com/support/docview.wss?uid=swg21963516>) | [System Error when using a third-party certificate in QRadar Network Security LMI](<http://www.ibm.com/support/docview.wss?uid=swg21963516>) | 2017-09-26 | 17 \n[1989975](<http://www.ibm.com/support/docview.wss?uid=swg21989975>) | [Hardcoding speed and duplex on M.1 might not work on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989975>) | 2017-10-02 | 18 \n[1987436](<http://www.ibm.com/support/docview.wss?uid=swg21987436>) | [Access to captive portal using IPv6 address fails on IBM Security Network Protection appliances (XGS). ](<http://www.ibm.com/support/docview.wss?uid=swg21987436>) | 2017-04-14 | 19 \n[1661873](<http://www.ibm.com/support/docview.wss?uid=swg21661873>) | [Unable to download support files from an QRadar Network Security with IE Enhanced Security Configuration installed](<http://www.ibm.com/support/docview.wss?uid=swg21661873>) | 2018-05-01 | 20 \n[1983889](<http://www.ibm.com/support/docview.wss?uid=swg21983889>) | [HTTP 500 Internal Server Error when accessing the Security Network Protection (XGS) Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21983889>) | 2018-05-01 | 21 \n[1597885](<http://www.ibm.com/support/docview.wss?uid=swg21597885>) | [Multiselect does not work properly](<http://www.ibm.com/support/docview.wss?uid=swg21597885>) | 2017-04-14 | 22 \n[1598332](<http://www.ibm.com/support/docview.wss?uid=swg21598332>) | [System Error - Tried to register widget with id==logdb_edit_dialog but that id is already registered](<http://www.ibm.com/support/docview.wss?uid=swg21598332>) | 2017-04-14 | 23 \n[1686991](<http://www.ibm.com/support/docview.wss?uid=swg21686991>) | [Captive authentication page occasionally fails to redirect the user on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21686991>) | 2018-05-01 | 24 \n[1986359](<http://www.ibm.com/support/docview.wss?uid=swg21986359>) | [The search bar in the IBM Security Network Protection Local Management Interface (LMI) help is not responding and searches can not be made.](<http://www.ibm.com/support/docview.wss?uid=swg21986359>) | 2017-04-14 | 25 \n[1999059](<http://www.ibm.com/support/docview.wss?uid=swg21999059>) | [LMI network graphs unreadable when using Chrome 56 on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21999059>) | 2017-06-10 | 26 \n[1999115](<http://www.ibm.com/support/docview.wss?uid=swg21999115>) | [Unable to access LMI after modifying the management IP address on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21999115>) | 2018-01-01 | 27 \n \n\\+ Network Access Policy\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1961068](<http://www.ibm.com/support/docview.wss?uid=swg21961068>) | [Blocking IP spoofed traffic with a QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21961068>) | 2017-08-28 | 1 \n[1983899](<http://www.ibm.com/support/docview.wss?uid=swg21983899>) | [Security Network Protection (XGS) Network Access Policy rules not working](<http://www.ibm.com/support/docview.wss?uid=swg21983899>) | 2017-06-19 | 2 \n[1961506](<http://www.ibm.com/support/docview.wss?uid=swg21961506>) | [IP reputation and geolocation information in NAP events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21961506>) | 2017-10-16 | 3 \n[1990362](<http://www.ibm.com/support/docview.wss?uid=swg21990362>) | [Default IPS policy usage in NAP rules on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990362>) | 2017-04-14 | 4 \n[1995199](<http://www.ibm.com/support/docview.wss?uid=swg21995199>) | [Configure Network Access Policies for the IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21995199>) | 2017-04-14 | 5 \n[1962639](<http://www.ibm.com/support/docview.wss?uid=swg21962639>) | [Security Network Protection and Security Network IPS remote syslog logging facility](<http://www.ibm.com/support/docview.wss?uid=swg21962639>) | 2017-06-19 | 6 \n[1968101](<http://www.ibm.com/support/docview.wss?uid=swg21968101>) | [Drop or Reject Actions do not appear to apply for some rules on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21968101>) | 2017-10-17 | 7 \n[1974709](<http://www.ibm.com/support/docview.wss?uid=swg21974709>) | [Remote Syslog over TLS setup](<http://www.ibm.com/support/docview.wss?uid=swg21974709>) | 2017-12-12 | 8 \n[1990338](<http://www.ibm.com/support/docview.wss?uid=swg21990338>) | [Custom NAP rule naming on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990338>) | 2018-05-23 | 9 \n[1698766](<http://www.ibm.com/support/docview.wss?uid=swg21698766>) | [Blocking specific ports by using Network Access policy on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698766>) | 2018-05-01 | 10 \n[1750419](<http://www.ibm.com/support/docview.wss?uid=swg21750419>) | [Security Network Protection (XGS) is not blocking a URL with \"?\" parameter value](<http://www.ibm.com/support/docview.wss?uid=swg21750419>) | 2017-04-14 | 11 \n[1968211](<http://www.ibm.com/support/docview.wss?uid=swg21968211>) | [Default behavior for traffic that does not match any NAP rule on Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21968211>) | 2017-10-23 | 12 \n[1435089](<http://www.ibm.com/support/docview.wss?uid=swg21435089>) | [Unable to see newly added Network Objects or Response Objects in XGS Response Rules](<http://www.ibm.com/support/docview.wss?uid=swg21435089>) | 2017-04-14 | 13 \n[1700929](<http://www.ibm.com/support/docview.wss?uid=swg21700929>) | [Security Network Protection (XGS) block page is not found for NAP rules by using domain category and domain list objects](<http://www.ibm.com/support/docview.wss?uid=swg21700929>) | 2018-05-01 | 14 \n[1986086](<http://www.ibm.com/support/docview.wss?uid=swg21986086>) | [Error: \"Field must be between 0 and 255 in length\" when adding a rule to a QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21986086>) | 2017-08-28 | 15 \n[1644712](<http://www.ibm.com/support/docview.wss?uid=swg21644712>) | [LMI allows deletion of remote directory server that is referenced in an identity object](<http://www.ibm.com/support/docview.wss?uid=swg21644712>) | 2017-04-14 | 16 \n[1698149](<http://www.ibm.com/support/docview.wss?uid=swg21698149>) | [Error: \"Invalid scope\" on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21698149>) | 2017-04-14 | 17 \n[1644593](<http://www.ibm.com/support/docview.wss?uid=swg21644593>) | [IBM Security Network Protection does not detect ping echo replies](<http://www.ibm.com/support/docview.wss?uid=swg21644593>) | 2017-09-06 | 18 \n[1683989](<http://www.ibm.com/support/docview.wss?uid=swg21683989>) | [Some Network Access policy events don't contain URL Categories or Web Application information](<http://www.ibm.com/support/docview.wss?uid=swg21683989>) | 2018-05-01 | 19 \n[1975227](<http://www.ibm.com/support/docview.wss?uid=swg21975227>) | [Multiple changes to the Network Access Policy may cause a network interruption on the Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975227>) | 2018-05-01 | 20 \n[1976509](<http://www.ibm.com/support/docview.wss?uid=swg21976509>) | [Using geolocation objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976509>) | 2017-08-24 | 21 \n[1983886](<http://www.ibm.com/support/docview.wss?uid=swg21983886>) | [Creating Geolocation objects in the Event Filter policy](<http://www.ibm.com/support/docview.wss?uid=swg21983886>) | 2018-05-01 | 22 \n[2013039](<http://www.ibm.com/support/docview.wss?uid=swg22013039>) | [Stateful inspection on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22013039>) | 2018-02-19 | 23 \n \n\\+ Network Interface Module (NIM)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1698147](<http://www.ibm.com/support/docview.wss?uid=swg21698147>) | [Replacing network interface modules (NIMs) in the XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698147>) | 2018-01-29 | 1 \n[1666254](<http://www.ibm.com/support/docview.wss?uid=swg21666254>) | [Network Protection (XGS) policy changes that cause a link state change](<http://www.ibm.com/support/docview.wss?uid=swg21666254>) | 2018-05-01 | 2 \n[1987202](<http://www.ibm.com/support/docview.wss?uid=swg21987202>) | [40Gb Network Interface Module (NIM) update IBM QRadar Network Security (IQNS) 7100](<http://www.ibm.com/support/docview.wss?uid=swg21987202>) | 2018-05-01 | 3 \n \n\\+ Not Applicable\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1662387](<http://www.ibm.com/support/docview.wss?uid=swg21662387>) | [Agent Alert POST](<http://www.ibm.com/support/docview.wss?uid=swg21662387>) | 2017-08-24 | 1 \n[7045692](<http://www.ibm.com/support/docview.wss?uid=swg27045692>) | [Open Mic Webcast: How to Deploy and Configure the XGS - Wednesday, 20 May 2015 [includes link to recorded session; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045692>) | 2018-05-23 | 2 \n[1689158](<http://www.ibm.com/support/docview.wss?uid=swg21689158>) | [Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Security Infrastructure appliances (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21689158>) | 2018-02-15 | 3 \n[2001436](<http://www.ibm.com/support/docview.wss?uid=swg22001436>) | [PAM Statistics info and OID listing for QRadar Network Security (XGS) at XPU 37.030](<http://www.ibm.com/support/docview.wss?uid=swg22001436>) | 2018-05-01 | 4 \n[1987437](<http://www.ibm.com/support/docview.wss?uid=swg21987437>) | [Receiving warning messages when deploying policies that require restarting Analysis Daemon](<http://www.ibm.com/support/docview.wss?uid=swg21987437>) | 2017-04-14 | 5 \n[7047367](<http://www.ibm.com/support/docview.wss?uid=swg27047367>) | [Open Mic Webcast: XGS: Advanced Threat Protection Integration Options (QRadar export) - 28 January 2016 [Includes link to replay. Presentation is attached.]](<http://www.ibm.com/support/docview.wss?uid=swg27047367>) | 2017-04-15 | 6 \n[7045508](<http://www.ibm.com/support/docview.wss?uid=swg27045508>) | [Open Mic Webcast: Policy Migration from GX to XGS - Tuesday, 28 April 2015 [includes link to recorded event; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045508>) | 2018-05-23 | 7 \n[7049643](<http://www.ibm.com/support/docview.wss?uid=swg27049643>) | [Open Mic: IQNS (XGS) X-Force Malware Analysis on the Cloud - 24 May 2017 (Includes link to replay. Slides are attached.)](<http://www.ibm.com/support/docview.wss?uid=swg27049643>) | 2017-06-05 | 8 \n[1690823](<http://www.ibm.com/support/docview.wss?uid=swg21690823>) | [Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)](<http://www.ibm.com/support/docview.wss?uid=swg21690823>) | 2018-02-15 | 9 \n[7047876](<http://www.ibm.com/support/docview.wss?uid=swg27047876>) | [Infrastructure Support Open Mic Webcast: IBM Threat Protection System with XGS-QRadar Integration - 25 May 2016 [includes link to replay; presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047876>) | 2018-02-15 | 10 \n[1974288](<http://www.ibm.com/support/docview.wss?uid=swg21974288>) | [IBM Security Network Protection 5.3.2 Web Services API ](<http://www.ibm.com/support/docview.wss?uid=swg21974288>) | 2017-04-14 | 11 \n[7044438](<http://www.ibm.com/support/docview.wss?uid=swg27044438>) | [Open Mic Webcast for IBM Security Network Protection: Troubleshooting the XGS appliance - 20 January 2015 [includes link to replay; presentation slides are attached] ](<http://www.ibm.com/support/docview.wss?uid=swg27044438>) | 2018-05-23 | 12 \n[1690822](<http://www.ibm.com/support/docview.wss?uid=swg21690822>) | [Security Bulletin: Vulnerability in SSLv3 affects Network Protection (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21690822>) | 2018-02-15 | 13 \n[1696131](<http://www.ibm.com/support/docview.wss?uid=swg21696131>) | [Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)](<http://www.ibm.com/support/docview.wss?uid=swg21696131>) | 2018-02-15 | 14 \n[7045078](<http://www.ibm.com/support/docview.wss?uid=swg27045078>) | [Open Mic Webcast for controlling internet access with XGS: a configuration walkthrough of user authentication - Wednesday, 4 March 2015 [inclues link to recording; slide deck is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045078>) | 2018-05-23 | 15 \n[7046280](<http://www.ibm.com/support/docview.wss?uid=swg27046280>) | [Open Mic Webcast: XGS - Keeping up with threat infrastructure by using alerts and audits - 26 August 2015 [presentation slides are attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046280>) | 2017-04-15 | 16 \n[1676529](<http://www.ibm.com/support/docview.wss?uid=swg21676529>) | [Security Bulletin: IBM Security Network Protection is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 ](<http://www.ibm.com/support/docview.wss?uid=swg21676529>) | 2018-02-15 | 17 \n[1680803](<http://www.ibm.com/support/docview.wss?uid=swg21680803>) | [Security Bulletin: IBM Security Network Protection System CPU Utilization (CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21680803>) | 2018-02-15 | 18 \n[1693542](<http://www.ibm.com/support/docview.wss?uid=swg21693542>) | [Security Bulletin: IBM Security Network Protection is affected by ClickJacking vulnerability CVE-2014-6197](<http://www.ibm.com/support/docview.wss?uid=swg21693542>) | 2018-02-15 | 19 \n[1958090](<http://www.ibm.com/support/docview.wss?uid=swg21958090>) | [Security Bulletin: IBM Security Network Protection contains a Cross-Site Request Forgery vulnerability. ](<http://www.ibm.com/support/docview.wss?uid=swg21958090>) | 2018-02-15 | 20 \n[2002436](<http://www.ibm.com/support/docview.wss?uid=swg22002436>) | [Increased memory utilization in QRadar Network Security firmware 5.4](<http://www.ibm.com/support/docview.wss?uid=swg22002436>) | 2018-05-01 | 21 \n[1684903](<http://www.ibm.com/support/docview.wss?uid=swg21684903>) | [Security Bulletin: Network Protection is affected by multiple OpenSSL vulnerabilities (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511) ](<http://www.ibm.com/support/docview.wss?uid=swg21684903>) | 2018-02-15 | 22 \n[1696906](<http://www.ibm.com/support/docview.wss?uid=swg21696906>) | [Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)](<http://www.ibm.com/support/docview.wss?uid=swg21696906>) | 2018-02-15 | 23 \n[1697248](<http://www.ibm.com/support/docview.wss?uid=swg21697248>) | [Security Bulletin: IBM Security Network Protection is vulnerable to Cross-Site Scripting. (CVE-2014-6189)](<http://www.ibm.com/support/docview.wss?uid=swg21697248>) | 2018-02-15 | 24 \n[7047473](<http://www.ibm.com/support/docview.wss?uid=swg27047473>) | [Open Mic Webcast: Why you need to use Automated Service and Support on the XGS - 25 February 2016 [Includes link to replay] [Presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047473>) | 2018-02-15 | 25 \n[7050149](<http://www.ibm.com/support/docview.wss?uid=swg27050149>) | [IBM Infrastructure Security Support July 2017 Newsletter ](<http://www.ibm.com/support/docview.wss?uid=swg27050149>) | 2017-08-24 | 26 \n[1675355](<http://www.ibm.com/support/docview.wss?uid=swg21675355>) | [Security Bulletin: IBM Security Network Protection System CPU utilization (CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21675355>) | 2018-02-15 | 27 \n[1676875](<http://www.ibm.com/support/docview.wss?uid=swg21676875>) | [Security Bulletin: IBM Security Network Protection is affected by the following IBM\u00c2\u00ae SDK, Java\u00e2\u0084\u00a2 Technology Edition vulnerability (CVE-2014-2414) ](<http://www.ibm.com/support/docview.wss?uid=swg21676875>) | 2018-02-15 | 28 \n[1693657](<http://www.ibm.com/support/docview.wss?uid=swg21693657>) | [Security Bulletin: TLS padding vulnerability affects IBM Security Network Protection (CVE-2014-8730) ](<http://www.ibm.com/support/docview.wss?uid=swg21693657>) | 2018-02-15 | 29 \n[1696265](<http://www.ibm.com/support/docview.wss?uid=swg21696265>) | [Security Bulletin: Multiple vulnerabilities in IBM Security Network Protection (CVE-2014-3567, CVE-2014-4877, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21696265>) | 2018-02-15 | 30 \n[1696521](<http://www.ibm.com/support/docview.wss?uid=swg21696521>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065) ](<http://www.ibm.com/support/docview.wss?uid=swg21696521>) | 2018-02-15 | 31 \n[1696811](<http://www.ibm.com/support/docview.wss?uid=swg21696811>) | [Security Bulletin: IBM Security Network Protection is affected by a NSS vulnerability (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21696811>) | 2018-02-15 | 32 \n[1701264](<http://www.ibm.com/support/docview.wss?uid=swg21701264>) | [Security Bulletin: Vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-0138) ](<http://www.ibm.com/support/docview.wss?uid=swg21701264>) | 2018-02-15 | 33 \n[1962064](<http://www.ibm.com/support/docview.wss?uid=swg21962064>) | [Security Bulletin: A vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-1788)](<http://www.ibm.com/support/docview.wss?uid=swg21962064>) | 2018-02-15 | 34 \n[1963297](<http://www.ibm.com/support/docview.wss?uid=swg21963297>) | [Security Bulletin: A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2013-7424) ](<http://www.ibm.com/support/docview.wss?uid=swg21963297>) | 2017-04-14 | 35 \n[2011740](<http://www.ibm.com/support/docview.wss?uid=swg22011740>) | [Security Bulletin: IBM QRadar Network Security is affected by a denial of service vulnerability in cURL (CVE-2017-1000257) ](<http://www.ibm.com/support/docview.wss?uid=swg22011740>) | 2018-05-01 | 36 \n[2016575](<http://www.ibm.com/support/docview.wss?uid=swg22016575>) | [Impact of the Japanese era calendar change on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22016575>) | 2018-05-26 | 37 \n \n\\+ Operating system (OS)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1980551](<http://www.ibm.com/support/docview.wss?uid=swg21980551>) | [Interpreting LEEF formatting in syslog events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980551>) | 2018-05-01 | 1 \n[1986090](<http://www.ibm.com/support/docview.wss?uid=swg21986090>) | [Warning: \"User allocated memory\" on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986090>) | 2017-08-24 | 2 \n[1972161](<http://www.ibm.com/support/docview.wss?uid=swg21972161>) | [Allowed Characters for the Security Network Protection admin password](<http://www.ibm.com/support/docview.wss?uid=swg21972161>) | 2017-04-16 | 3 \n[1966576](<http://www.ibm.com/support/docview.wss?uid=swg21966576>) | [High disk usage on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966576>) | 2018-05-06 | 4 \n[1983875](<http://www.ibm.com/support/docview.wss?uid=swg21983875>) | [MTU as defined on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21983875>) | 2017-08-02 | 5 \n[1698146](<http://www.ibm.com/support/docview.wss?uid=swg21698146>) | [Kernel debug procedures for the XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698146>) | 2017-10-30 | 6 \n[1978425](<http://www.ibm.com/support/docview.wss?uid=swg21978425>) | [Unable to SSH in to the Securty Network Protection (XGS) with error: failed to start sshd ](<http://www.ibm.com/support/docview.wss?uid=swg21978425>) | 2018-05-01 | 7 \n[1705154](<http://www.ibm.com/support/docview.wss?uid=swg21705154>) | [IBM Security Network Protection (XGS) firmware 5.3 \"Kernel Soft Lockup\"](<http://www.ibm.com/support/docview.wss?uid=swg21705154>) | 2018-05-06 | 8 \n[1996695](<http://www.ibm.com/support/docview.wss?uid=swg21996695>) | [Error: \"Allocated user memory\" in SiteProtector for Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21996695>) | 2018-05-23 | 9 \n[1959380](<http://www.ibm.com/support/docview.wss?uid=swg21959380>) | [CVE-2002-0510 vulnerability on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21959380>) | 2017-09-04 | 10 \n[1599917](<http://www.ibm.com/support/docview.wss?uid=swg21599917>) | [Changing Time Settings Causes Gaps or Missing Data in Statistics Display](<http://www.ibm.com/support/docview.wss?uid=swg21599917>) | 2017-04-14 | 11 \n \n\\+ Performance\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1968189](<http://www.ibm.com/support/docview.wss?uid=swg21968189>) | [Security Network Protection (XGS) SensorStatistics](<http://www.ibm.com/support/docview.wss?uid=swg21968189>) | 2018-05-01 | 1 \n[1701480](<http://www.ibm.com/support/docview.wss?uid=swg21701480>) | [Network Interface Module (NIM) ports perform better than built-in gigabit ports on XGS 5100 sensors](<http://www.ibm.com/support/docview.wss?uid=swg21701480>) | 2018-05-01 | 2 \n[1959239](<http://www.ibm.com/support/docview.wss?uid=swg21959239>) | [Packet delay or loss while making changes to XGS policies](<http://www.ibm.com/support/docview.wss?uid=swg21959239>) | 2017-04-14 | 3 \n[1902773](<http://www.ibm.com/support/docview.wss?uid=swg21902773>) | [Policy migration limitations and facts to consider](<http://www.ibm.com/support/docview.wss?uid=swg21902773>) | 2018-05-01 | 4 \n[1667527](<http://www.ibm.com/support/docview.wss?uid=swg21667527>) | [Session ID Resumption and SSL decryption](<http://www.ibm.com/support/docview.wss?uid=swg21667527>) | 2018-05-01 | 5 \n[1683772](<http://www.ibm.com/support/docview.wss?uid=swg21683772>) | [Experiencing latency while using the Security Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21683772>) | 2018-05-01 | 6 \n[1903622](<http://www.ibm.com/support/docview.wss?uid=swg21903622>) | [Security Network Protection (XGS) email alerts do not include hostname or IP address of the reporting appliance](<http://www.ibm.com/support/docview.wss?uid=swg21903622>) | 2018-05-01 | 7 \n[1698814](<http://www.ibm.com/support/docview.wss?uid=swg21698814>) | [Forced speed/duplex interface settings not working with XGS Firmware 5.3](<http://www.ibm.com/support/docview.wss?uid=swg21698814>) | 2017-04-14 | 8 \n[1987354](<http://www.ibm.com/support/docview.wss?uid=swg21987354>) | [IBM QRadar Network Security (IQNS) no System Alerts seen in System Events](<http://www.ibm.com/support/docview.wss?uid=swg21987354>) | 2018-05-01 | 9 \n[1962510](<http://www.ibm.com/support/docview.wss?uid=swg21962510>) | [\"Timer expiration\" error when deploying a policy change on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21962510>) | 2017-08-24 | 10 \n[1977325](<http://www.ibm.com/support/docview.wss?uid=swg21977325>) | [Storage Limits and Allocation on the IBM Security Network Protection Appliance](<http://www.ibm.com/support/docview.wss?uid=swg21977325>) | 2017-04-14 | 11 \n[1999124](<http://www.ibm.com/support/docview.wss?uid=swg21999124>) | [Asymmetric traffic across NIMs for XGS7100 appliances](<http://www.ibm.com/support/docview.wss?uid=swg21999124>) | 2018-01-01 | 12 \n[1682809](<http://www.ibm.com/support/docview.wss?uid=swg21682809>) | [Unable to deploy policy to IBM QRadar Network Security IQNS (XGS) in SiteProtector.](<http://www.ibm.com/support/docview.wss?uid=swg21682809>) | 2018-05-01 | 13 \n[1667817](<http://www.ibm.com/support/docview.wss?uid=swg21667817>) | [Network Protection (XGS) unable to read or parse EEPROM data from selected slot](<http://www.ibm.com/support/docview.wss?uid=swg21667817>) | 2018-05-01 | 14 \n \n\\+ Protocol Analysis Module (PAM)\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1498057](<http://www.ibm.com/support/docview.wss?uid=swg21498057>) | [X-Force Protocol Analysis Module (PAM) signature information](<http://www.ibm.com/support/docview.wss?uid=swg21498057>) | 2018-01-01 | 1 \n[1436125](<http://www.ibm.com/support/docview.wss?uid=swg21436125>) | [Configuring a sensor to ignore or allowlist traffic from certain IP addresses](<http://www.ibm.com/support/docview.wss?uid=swg21436125>) | 2018-05-01 | 2 \n[1973599](<http://www.ibm.com/support/docview.wss?uid=swg21973599>) | [Protection against DoS and DDoS with IBM QRadar Network Security IQNS (XGS) and Network IPS (GX) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21973599>) | 2018-05-01 | 3 \n[1962049](<http://www.ibm.com/support/docview.wss?uid=swg21962049>) | [Information about the coalescer on QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21962049>) | 2017-09-26 | 4 \n[1435809](<http://www.ibm.com/support/docview.wss?uid=swg21435809>) | [Some traffic allowed despite a configured Block response on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21435809>) | 2018-05-28 | 5 \n[1987735](<http://www.ibm.com/support/docview.wss?uid=swg21987735>) | [IBM X-Force introduces version scheme change for X-Press Updates (XPU) - June 2017](<http://www.ibm.com/support/docview.wss?uid=swg21987735>) | 2017-08-24 | 6 \n[1965579](<http://www.ibm.com/support/docview.wss?uid=swg21965579>) | [Bypassing inspection on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21965579>) | 2017-10-09 | 7 \n[1986647](<http://www.ibm.com/support/docview.wss?uid=swg21986647>) | [Severity levels for IBM X-Force security signatures](<http://www.ibm.com/support/docview.wss?uid=swg21986647>) | 2018-05-28 | 8 \n[1988495](<http://www.ibm.com/support/docview.wss?uid=swg21988495>) | [Flood protection behavior on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21988495>) | 2017-09-04 | 9 \n[1437359](<http://www.ibm.com/support/docview.wss?uid=swg21437359>) | [IEEE 802.3ad (EtherChannel) support on XGS and GX sensors](<http://www.ibm.com/support/docview.wss?uid=swg21437359>) | 2017-09-11 | 10 \n[1515937](<http://www.ibm.com/support/docview.wss?uid=swg21515937>) | [Two events generated for the same signature (one as Detected and other as Blocked) on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21515937>) | 2017-09-04 | 11 \n[1643272](<http://www.ibm.com/support/docview.wss?uid=swg21643272>) | [How to determine whether there is coverage for a particular CVE](<http://www.ibm.com/support/docview.wss?uid=swg21643272>) | 2017-08-24 | 12 \n[1701441](<http://www.ibm.com/support/docview.wss?uid=swg21701441>) | [X-Force Virtual Patch Protection Levels for QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21701441>) | 2018-05-07 | 13 \n[1975854](<http://www.ibm.com/support/docview.wss?uid=swg21975854>) | [PAM reports Akamai's IP instead of the 'True-Client-IP' HTTP header](<http://www.ibm.com/support/docview.wss?uid=swg21975854>) | 2017-08-09 | 14 \n[1962594](<http://www.ibm.com/support/docview.wss?uid=swg21962594>) | [Enabling or disabling inspection of X-Forward headers on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21962594>) | 2017-10-16 | 15 \n[1976382](<http://www.ibm.com/support/docview.wss?uid=swg21976382>) | [Unable to access live.com (Hotmail/Outlook) when Outbound SSL is enabled on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976382>) | 2018-05-01 | 16 \n[1434828](<http://www.ibm.com/support/docview.wss?uid=swg21434828>) | [False positive on IBM host or network based IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21434828>) | 2017-06-26 | 17 \n[1999450](<http://www.ibm.com/support/docview.wss?uid=swg21999450>) | [Find PAM signature by issue ID on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21999450>) | 2018-05-01 | 18 \n[1683773](<http://www.ibm.com/support/docview.wss?uid=swg21683773>) | [Multiple false positives on Java-based security events on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21683773>) | 2017-09-26 | 19 \n[1624060](<http://www.ibm.com/support/docview.wss?uid=swg21624060>) | [Ignoring vulnerability scanner traffic on the Security Network IPS and Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21624060>) | 2018-05-01 | 20 \n[1468847](<http://www.ibm.com/support/docview.wss?uid=swg21468847>) | [Event and Response Filters with port ranges do not work with TCP_Port_Scan and UDP_Port_Scan](<http://www.ibm.com/support/docview.wss?uid=swg21468847>) | 2018-05-01 | 21 \n[1436031](<http://www.ibm.com/support/docview.wss?uid=swg21436031>) | [Determing the release date and coverage information for an XPU](<http://www.ibm.com/support/docview.wss?uid=swg21436031>) | 2017-04-14 | 22 \n[1643931](<http://www.ibm.com/support/docview.wss?uid=swg21643931>) | [HTTP HEAD and PUT methods not detected (blocked)](<http://www.ibm.com/support/docview.wss?uid=swg21643931>) | 2017-04-14 | 23 \n[1692287](<http://www.ibm.com/support/docview.wss?uid=swg21692287>) | [Signature coverage for SSLv3 (Poodle) on Security Network Protection and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21692287>) | 2017-09-04 | 24 \n[1697527](<http://www.ibm.com/support/docview.wss?uid=swg21697527>) | [Error: \"FNXPM1003E...\" trons interface errors on Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21697527>) | 2017-05-13 | 25 \n[1967067](<http://www.ibm.com/support/docview.wss?uid=swg21967067>) | [Compressed file traffic inspection by QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21967067>) | 2017-10-04 | 26 \n[1968099](<http://www.ibm.com/support/docview.wss?uid=swg21968099>) | [SMTP_Command_Binary_Overflow signature can cause a large number of events on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21968099>) | 2017-10-17 | 27 \n[1976381](<http://www.ibm.com/support/docview.wss?uid=swg21976381>) | [Skype traffic not being blocked by Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976381>) | 2018-05-01 | 28 \n[1996694](<http://www.ibm.com/support/docview.wss?uid=swg21996694>) | [Security Network Protection treatment for \"iv-remote-address\" header information](<http://www.ibm.com/support/docview.wss?uid=swg21996694>) | 2018-05-23 | 29 \n[1435997](<http://www.ibm.com/support/docview.wss?uid=swg21435997>) | [User Defined Event compiler limitations for the Protocol Analysis Module](<http://www.ibm.com/support/docview.wss?uid=swg21435997>) | 2017-04-23 | 30 \n[1626557](<http://www.ibm.com/support/docview.wss?uid=swg21626557>) | [Tuning the DNS_Bind_OPT_DOS signature on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21626557>) | 2017-04-14 | 31 \n[1883737](<http://www.ibm.com/support/docview.wss?uid=swg21883737>) | [Skype UDP traffic is not recognized by the Protocol Analysis Module on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21883737>) | 2017-05-13 | 32 \n[1966581](<http://www.ibm.com/support/docview.wss?uid=swg21966581>) | [Analysis of DECNET traffic on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966581>) | 2017-10-23 | 33 \n[1968561](<http://www.ibm.com/support/docview.wss?uid=swg21968561>) | [Inspection of duplicate packets by QRadar Network Security sensors with different interface modes](<http://www.ibm.com/support/docview.wss?uid=swg21968561>) | 2017-10-23 | 34 \n[1983891](<http://www.ibm.com/support/docview.wss?uid=swg21983891>) | [TCP_Probe_XXXX events do not fire when TCP_Port_Scan triggers on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983891>) | 2018-05-28 | 35 \n[1983900](<http://www.ibm.com/support/docview.wss?uid=swg21983900>) | [SNMP_Activity version detection](<http://www.ibm.com/support/docview.wss?uid=swg21983900>) | 2018-05-01 | 36 \n \n\\+ SSL Inspection\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1960119](<http://www.ibm.com/support/docview.wss?uid=swg21960119>) | [Inspecting inbound SSL traffic on an internal server](<http://www.ibm.com/support/docview.wss?uid=swg21960119>) | 2017-05-12 | 1 \n[1666241](<http://www.ibm.com/support/docview.wss?uid=swg21666241>) | [SSL traffic protection on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21666241>) | 2018-05-01 | 2 \n[1964212](<http://www.ibm.com/support/docview.wss?uid=swg21964212>) | [Diffie-Hellman and inbound SSL inspection on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964212>) | 2017-04-14 | 3 \n[1666913](<http://www.ibm.com/support/docview.wss?uid=swg21666913>) | [Inbound SSL inspection on the XGS appliance when operating in HA mode](<http://www.ibm.com/support/docview.wss?uid=swg21666913>) | 2018-05-01 | 4 \n[1986092](<http://www.ibm.com/support/docview.wss?uid=swg21986092>) | [Support for TLS Extended Master Secret on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986092>) | 2018-05-13 | 5 \n[7046102](<http://www.ibm.com/support/docview.wss?uid=swg27046102>) | [Open Mic replay: Overview of how SSL Inspection works on the XGS - 29 July 2015 [includes link to recording; presentation and speaker notes are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27046102>) | 2018-05-23 | 6 \n[1967118](<http://www.ibm.com/support/docview.wss?uid=swg21967118>) | [Security Network Protection (XGS) inbound and outbound SSL inspection session resumption](<http://www.ibm.com/support/docview.wss?uid=swg21967118>) | 2017-06-19 | 7 \n[1986091](<http://www.ibm.com/support/docview.wss?uid=swg21986091>) | [GLG license messages on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986091>) | 2017-08-24 | 8 \n[2004900](<http://www.ibm.com/support/docview.wss?uid=swg22004900>) | [Inbound SSL analysis of SSLv2 traffic might cause inspection engine crashes on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004900>) | 2017-12-08 | 9 \n[1650197](<http://www.ibm.com/support/docview.wss?uid=swg21650197>) | [SSL Inspection - Frequently Asked Questions](<http://www.ibm.com/support/docview.wss?uid=swg21650197>) | 2017-04-14 | 10 \n[1958051](<http://www.ibm.com/support/docview.wss?uid=swg21958051>) | [Outbound SSL use of certificates on the XGS](<http://www.ibm.com/support/docview.wss?uid=swg21958051>) | 2018-05-01 | 11 \n[1666891](<http://www.ibm.com/support/docview.wss?uid=swg21666891>) | [Network Protection (XGS) use of multiple SSL certificates](<http://www.ibm.com/support/docview.wss?uid=swg21666891>) | 2018-05-01 | 12 \n[1666909](<http://www.ibm.com/support/docview.wss?uid=swg21666909>) | [Network Protection (XGS) SSL decryption and passive monitoring mode](<http://www.ibm.com/support/docview.wss?uid=swg21666909>) | 2018-05-01 | 13 \n[1666889](<http://www.ibm.com/support/docview.wss?uid=swg21666889>) | [Network Protection (XGS): Impact of adding, deleting, and renewing SSL inspection certificates](<http://www.ibm.com/support/docview.wss?uid=swg21666889>) | 2018-05-01 | 14 \n[2008309](<http://www.ibm.com/support/docview.wss?uid=swg22008309>) | [Error: \"packet rewriting error\" on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22008309>) | 2017-12-13 | 15 \n[1903062](<http://www.ibm.com/support/docview.wss?uid=swg21903062>) | [Windows Updates fail with Outbound SSL inspection enabled on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21903062>) | 2018-05-01 | 16 \n[1700438](<http://www.ibm.com/support/docview.wss?uid=swg21700438>) | [IBM Security Network Protection Response to \u00e2\u0080\u009cThe Risks of SSL Inspection\u00e2\u0080\u009d CERT/CC Blog Post](<http://www.ibm.com/support/docview.wss?uid=swg21700438>) | 2018-05-21 | 17 \n[1972184](<http://www.ibm.com/support/docview.wss?uid=swg21972184>) | [Using domain certificate objects for Outbound SSL Inspection Policy on IBM Qradar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21972184>) | 2018-05-01 | 18 \n[1987355](<http://www.ibm.com/support/docview.wss?uid=swg21987355>) | [IBM QRadar Network Security (IQNS) 4096 bit encryption for inbound SSL inspection](<http://www.ibm.com/support/docview.wss?uid=swg21987355>) | 2018-05-01 | 19 \n[1667164](<http://www.ibm.com/support/docview.wss?uid=swg21667164>) | [Network Protection (XGS) - Creating a private key with a passphrase when generating a certificate for SSL decryption](<http://www.ibm.com/support/docview.wss?uid=swg21667164>) | 2018-05-01 | 20 \n[1903522](<http://www.ibm.com/support/docview.wss?uid=swg21903522>) | [Traffic using SPDY protocol is not analyzed by Outbound SSL inspection](<http://www.ibm.com/support/docview.wss?uid=swg21903522>) | 2017-05-08 | 21 \n[1977446](<http://www.ibm.com/support/docview.wss?uid=swg21977446>) | [Analysis daemon crash due to Outbound SSL rules on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21977446>) | 2017-04-23 | 22 \n[1666906](<http://www.ibm.com/support/docview.wss?uid=swg21666906>) | [Non-RFC compliant traffic and SSL inspection on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21666906>) | 2018-05-01 | 23 \n[1975332](<http://www.ibm.com/support/docview.wss?uid=swg21975332>) | [File upload or download is slow with Outbound SSL Inspection enabled on Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21975332>) | 2017-04-14 | 24 \n[1992908](<http://www.ibm.com/support/docview.wss?uid=swg21992908>) | [Configuring Remote Syslog over TLS on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21992908>) | 2017-04-14 | 25 \n[2005572](<http://www.ibm.com/support/docview.wss?uid=swg22005572>) | [Unable to access certain websites after updating the XGS appliance.](<http://www.ibm.com/support/docview.wss?uid=swg22005572>) | 2017-09-02 | 26 \n[1640383](<http://www.ibm.com/support/docview.wss?uid=swg21640383>) | [Determining which SSL connections the Network Protection appliance inspects for sites that use self-signed certificates ](<http://www.ibm.com/support/docview.wss?uid=swg21640383>) | 2017-08-04 | 27 \n[1643924](<http://www.ibm.com/support/docview.wss?uid=swg21643924>) | [SSL client error: Can't establish a secure connection](<http://www.ibm.com/support/docview.wss?uid=swg21643924>) | 2017-04-14 | 28 \n[1645833](<http://www.ibm.com/support/docview.wss?uid=swg21645833>) | [Outbound SSL inspection: Determining if a client connection is being inspected through the Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21645833>) | 2017-08-03 | 29 \n[1646158](<http://www.ibm.com/support/docview.wss?uid=swg21646158>) | [Outbound SSL inspection: Client connections are partially blocked or cannot access HTTPS sites](<http://www.ibm.com/support/docview.wss?uid=swg21646158>) | 2017-08-02 | 30 \n[1669034](<http://www.ibm.com/support/docview.wss?uid=swg21669034>) | [Order of precedence with matching inbound and outbound SSL inspection rules](<http://www.ibm.com/support/docview.wss?uid=swg21669034>) | 2018-05-01 | 31 \n[1682810](<http://www.ibm.com/support/docview.wss?uid=swg21682810>) | [Error: \"NULL Cipher Pointer\" on the Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21682810>) | 2017-09-11 | 32 \n[1974966](<http://www.ibm.com/support/docview.wss?uid=swg21974966>) | [Outbound SSL Inspection triggers SSL_Malformed_Certificate events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21974966>) | 2017-04-24 | 33 \n[1993272](<http://www.ibm.com/support/docview.wss?uid=swg21993272>) | [Performance issues due to Outbound SSL policy on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21993272>) | 2017-04-14 | 34 \n[2003465](<http://www.ibm.com/support/docview.wss?uid=swg22003465>) | [Inbound SSL rules using the \"any\" destination might cause crashes on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22003465>) | 2017-06-19 | 35 \n[1883845](<http://www.ibm.com/support/docview.wss?uid=swg21883845>) | [Security Network Protection failing to decrypt SSL incoming traffic in firmware version 5.2](<http://www.ibm.com/support/docview.wss?uid=swg21883845>) | 2017-04-14 | 36 \n[1967594](<http://www.ibm.com/support/docview.wss?uid=swg21967594>) | [Updating VMware products when Outbound SSL Inspection is enabled on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21967594>) | 2017-10-17 | 37 \n[1967595](<http://www.ibm.com/support/docview.wss?uid=swg21967595>) | [IBM SR file upload issues when Outbound SSL Inspection is enabled on Security Network Protection sensors ](<http://www.ibm.com/support/docview.wss?uid=swg21967595>) | 2017-04-14 | 38 \n[1992466](<http://www.ibm.com/support/docview.wss?uid=swg21992466>) | [Yahoo! Messenger changes cause outbound SSL MitM to fail on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21992466>) | 2017-11-06 | 39 \n \n\\+ Tuning Parameters\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1987352](<http://www.ibm.com/support/docview.wss?uid=swg21987352>) | [IBM QRadar Network Security (IQNS) debug logging](<http://www.ibm.com/support/docview.wss?uid=swg21987352>) | 2018-05-01 | 1 \n[2008978](<http://www.ibm.com/support/docview.wss?uid=swg22008978>) | [IBM QRadar Network Security (XGS) Tuning Parameters for Certificate Authority (CA) health check](<http://www.ibm.com/support/docview.wss?uid=swg22008978>) | 2017-12-06 | 2 \n[1965103](<http://www.ibm.com/support/docview.wss?uid=swg21965103>) | [IBM QRadar Network Security IQNS (XGS) Tuning Parameters for System Alerts notifications](<http://www.ibm.com/support/docview.wss?uid=swg21965103>) | 2018-05-01 | 3 \n[1677865](<http://www.ibm.com/support/docview.wss?uid=swg21677865>) | [IBM QRadar Network Security IQNS (XGS) - Tuning parameter for large number of compressed HTTP sessions ](<http://www.ibm.com/support/docview.wss?uid=swg21677865>) | 2018-05-01 | 4 \n[1969502](<http://www.ibm.com/support/docview.wss?uid=swg21969502>) | [Preventing the TCP Reset in Passive Monitoring Mode on the Security Network IPS (GX) and the IBM QRadar Network Security IQNS (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21969502>) | 2018-05-01 | 5 \n[1997392](<http://www.ibm.com/support/docview.wss?uid=swg21997392>) | [Enabling and disabling flow control pause frames with tuning parameters on the IBM Security Network Protection XGS appliances](<http://www.ibm.com/support/docview.wss?uid=swg21997392>) | 2017-04-14 | 6 \n[1968100](<http://www.ibm.com/support/docview.wss?uid=swg21968100>) | [Detecting credit card numbers using the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21968100>) | 2018-05-29 | 7 \n[1986093](<http://www.ibm.com/support/docview.wss?uid=swg21986093>) | [pam.sweep.block.allow parameter can cause blocking issues on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986093>) | 2017-08-28 | 8 \n[2000597](<http://www.ibm.com/support/docview.wss?uid=swg22000597>) | [Ports do not come up after enabling HA on an XGS7100 at firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000597>) | 2018-05-01 | 9 \n \n\\+ XPU\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1990298](<http://www.ibm.com/support/docview.wss?uid=swg21990298>) | [Updating Security Network Protection application databases via SiteProtector X-Press Update Server](<http://www.ibm.com/support/docview.wss?uid=swg21990298>) | 2017-04-17 | 1 \n[1903179](<http://www.ibm.com/support/docview.wss?uid=swg21903179>) | [IBM Proventia family PAM Content Update 35.050 - README](<http://www.ibm.com/support/docview.wss?uid=swg21903179>) | 2018-05-01 | 2 \n[2009168](<http://www.ibm.com/support/docview.wss?uid=swg22009168>) | [PAM XPU date differences on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22009168>) | 2017-10-18 | 3 \n[1963514](<http://www.ibm.com/support/docview.wss?uid=swg21963514>) | [URL Category Database, Web Application Database, and IP Reputation Database updates may fail due to Scanning IP reputation ](<http://www.ibm.com/support/docview.wss?uid=swg21963514>) | 2018-01-29 | 4 \n[1667616](<http://www.ibm.com/support/docview.wss?uid=swg21667616>) | [Rolling back an XPU on the Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21667616>) | 2018-05-01 | 5 \n[2002781](<http://www.ibm.com/support/docview.wss?uid=swg22002781>) | [XPUs applied after firmware update is installed on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22002781>) | 2018-05-01 | 6 \n[1961531](<http://www.ibm.com/support/docview.wss?uid=swg21961531>) | [XPU version rolled back after updating Security Network Protection (XGS) firmware](<http://www.ibm.com/support/docview.wss?uid=swg21961531>) | 2017-10-16 | 7 \n[2000267](<http://www.ibm.com/support/docview.wss?uid=swg22000267>) | [XPU install or rollback can cause protection interfaces to recycle in Security Network Protection firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000267>) | 2018-02-12 | 8 \n \n \n\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-31T00:10:25", "type": "ibm", "title": "IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0510", "CVE-2008-5161", "CVE-2010-5298", "CVE-2012-5667", "CVE-2013-4164", "CVE-2013-4492", "CVE-2013-5442", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-0963", "CVE-2014-2414", "CVE-2014-2532", "CVE-2014-3065", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3565", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-4607", "CVE-2014-4877", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-5355", "CVE-2014-6183", "CVE-2014-6189", "CVE-2014-6197", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6558", "CVE-2014-8121", "CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-8275", "CVE-2014-8730", "CVE-2014-9421", "CVE-2014-9422", "CVE-2014-9636", "CVE-2014-9645", "CVE-2015-0138", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0235", "CVE-2015-1283", "CVE-2015-1345", "CVE-2015-1781", "CVE-2015-1788", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-1819", "CVE-2015-2806", "CVE-2015-3183", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3238", "CVE-2015-3245", "CVE-2015-3246", "CVE-2015-3405", "CVE-2015-3416", "CVE-2015-3622", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-5621", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7547", "CVE-2015-7704", "CVE-2015-8138", "CVE-2015-8325", "CVE-2015-8629", "CVE-2015-8631", "CVE-2016-0201", "CVE-2016-0634", "CVE-2016-0718", "CVE-2016-0787", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-3092", "CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597", "CVE-2016-6210", "CVE-2016-6313", "CVE-2016-6515", "CVE-2016-7167", "CVE-2016-7543", "CVE-2016-8106", "CVE-2016-8610", "CVE-2016-9401", "CVE-2017-1000257", "CVE-2017-1000366", "CVE-2017-1457", "CVE-2017-1458", "CVE-2017-1491", "CVE-2017-3731", "CVE-2017-9800"], "modified": "2021-01-31T00:10:25", "id": "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "href": "https://www.ibm.com/support/pages/node/278867", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-08-31T06:27:27", "description": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.", "cvss3": {}, "published": "2015-08-19T15:59:00", "type": "debiancve", "title": "CVE-2015-5621", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2015-08-19T15:59:00", "id": "DEBIANCVE:CVE-2015-5621", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5621", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-08-31T10:50:33", "description": "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.", "cvss3": {}, "published": "2015-08-19T15:59:00", "type": "cve", "title": "CVE-2015-5621", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2018-10-10T10:29:00", "cpe": ["cpe:/a:net-snmp:net-snmp:5.7.2"], "id": "CVE-2015-5621", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5621", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:net-snmp:net-snmp:5.7.2:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2023-08-31T18:44:32", "description": "**Issue Overview:**\n\nIt was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)\n\n \n**Affected Packages:** \n\n\nnet-snmp\n\n \n**Issue Correction:** \nRun _yum update net-snmp_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 net-snmp-devel-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-libs-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-utils-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-python-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-debuginfo-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-5.5-54.1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 net-snmp-perl-5.5-54.1.20.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 net-snmp-5.5-54.1.20.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 net-snmp-libs-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-python-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-debuginfo-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-perl-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-utils-5.5-54.1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 net-snmp-devel-5.5-54.1.20.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-5621](<https://access.redhat.com/security/cve/CVE-2015-5621>)\n\nMitre: [CVE-2015-5621](<https://vulners.com/cve/CVE-2015-5621>)\n", "cvss3": {}, "published": "2015-09-02T12:00:00", "type": "amazon", "title": "Medium: net-snmp", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2015-09-02T12:00:00", "id": "ALAS-2015-590", "href": "https://alas.aws.amazon.com/ALAS-2015-590.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:21:05", "description": "[1:5.5-54.0.1.el6_7.1]\n- Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373]\n[1:5.5-54.el6_7.1]\n- Fixed parsing of invalid variables in incoming packets (#1248410)", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "oraclelinux", "title": "net-snmp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5621"], "modified": "2015-08-17T00:00:00", "id": "ELSA-2015-1636", "href": "http://linux.oracle.com/errata/ELSA-2015-1636.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T13:23:44", "description": "net-snmp is vulnerable to denial of service. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.\n", "cvss3": {}, "published": "2019-01-15T09:07:07", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621"], "modified": "2019-05-15T06:18:15", "id": "VERACODE:11749", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-11749/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:16:55", "description": "The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-02T05:17:56", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2022-04-19T18:34:03", "id": "VERACODE:16426", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-16426/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-09-07T19:57:01", "description": "**CentOS Errata and Security Advisory** CESA-2015:1636\n\n\nThe net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A remote,\nunauthenticated attacker could use this flaw to crash snmpd or,\npotentially, execute arbitrary code on the system with the privileges of\nthe user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for\nreporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-August/083497.html\nhttps://lists.centos.org/pipermail/centos-announce/2015-August/083500.html\n\n**Affected packages:**\nnet-snmp\nnet-snmp-agent-libs\nnet-snmp-devel\nnet-snmp-gui\nnet-snmp-libs\nnet-snmp-perl\nnet-snmp-python\nnet-snmp-sysvinit\nnet-snmp-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1636", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T16:22:33", "type": "centos", "title": "net security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2015-08-17T16:54:59", "id": "CESA-2015:1636", "href": "https://lists.centos.org/pipermail/centos-announce/2015-August/083497.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-09-28T09:20:18", "description": "USN-2711-1 Net-SNMP Vulnerabilities\n\n# \n\nLow to Medium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * libsnmp30 5.7.2~dfsg-8.1ubuntu3.1 \n\n# Description\n\nNet-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. ([CVE-2014-3565](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3565.html>))\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2015-5621](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5621.html>))\n\n# Affected Products and Versions\n\n_Severity is low unless otherwise noted. \n_\n\n * Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs. \n * PHP Buildpack v1.4.1 and earlier are vulnerable. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs. \n\n# Credit\n\nUnknown\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2711-1/>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "cvss3": {}, "published": "2015-10-07T00:00:00", "type": "cloudfoundry", "title": "USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2015-10-07T00:00:00", "id": "CFOUNDRY:4F43D8E6BFF265B4800460FBD8EF85B5", "href": "https://www.cloudfoundry.org/blog/usn-2711-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-09-18T05:49:48", "description": "## Releases\n\n * Ubuntu 15.04 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * net-snmp \\- SNMP (Simple Network Management Protocol) server and applications\n\nIt was discovered that Net-SNMP incorrectly handled certain trap messages \nwhen the -OQ option was used. A remote attacker could use this issue to \ncause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)\n\nQinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing \nfailures. A remote attacker could use this issue to cause Net-SNMP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2015-5621)\n", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "ubuntu", "title": "Net-SNMP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-5621"], "modified": "2015-08-17T00:00:00", "id": "USN-2711-1", "href": "https://ubuntu.com/security/notices/USN-2711-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-09-09T21:35:06", "description": "## **As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see [Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global)](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>).**\n\n## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION: **Exploitable remotely/low attack complexity\n * **Vendor: **Siemens\n * **Equipment: **Various SCALANCE, SIMATIC, SIPLUS products\n * **Vulnerabilities:** Data Processing Errors, NULL Pointer Dereference\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update E) that was published February 10, 2022, to the ICS webpage on www.cisa.gov/uscert.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow remote attackers to conduct a denial-of-service attack by sending specially crafted packets to Port 161/UDP (SNMP).\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n * IE/PB LINK PN IO (including SIPLUS NET variants): All versions prior to v4.0.1\n * SCALANCE S602: All versions prior to v4.1\n * SCALANCE S612: All versions prior to v4.1\n * SCALANCE S623: All versions prior to v4.1\n * SCALANCE S627-2M: All versions prior to v4.1\n * SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0):All versions\n * SIMATIC CP 443-1 (6GK7443-1EX30-0XE0): All versions\n * SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0):: All versions\n * SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0): All versions\n * SIMATIC CP 1623 (6GK1162-3AA00): All versions prior to v14.00.15.00_51.25.00.01\n * SIMATIC CP 1626 (6GK1162-6AA01): All versions prior to v1.1.1\n * SIMATIC CP 1628(6GK1162-8AA00): All versions prior to v14.00.15.00_51.25.00.01\n * SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0): All versions\n * SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0): All versions\n * SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0): All version\n * TIM 1531 IRC (including SIPLUS NET variants): All versions\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [DATA PROCESSING ERRORS CWE-19](<https://cwe.mitre.org/data/definitions/19.html>)\n\nAn error in the message handling of SNMP messages allows remote attackers to cause a denial-of-service condition and execute arbitrary code via a crafted packet sent on Port 161/UDP (SNMP).\n\n[CVE-2015-5621](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5621>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 4.2.2 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nA NULL pointer exception bug within the SNMP handling code allows authenticated attacker to remotely cause a denial-of-service condition via a crafted packet sent on Port 161/UDP (SNMP).\n\n[CVE-2018-18065](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18065>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 4.4 RESEARCHER\n\nArtem Zinenko of Kaspersky Lab reported these vulnerabilities to Siemens.\n\n## 5\\. MITIGATIONS\n\nSiemens has released updates for several affected products and recommends users update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.\n\n * For IE/PB LINK PN IO, update to [v4.0.1](<https://support.industry.siemens.com/cs/ww/en/view/109780330/>)\n * For SCALANCE S602, SCALANCE S612, SCALANCE S623, and SCALANCE S627-2M products: Update to v4.1 (Update is only available via Siemens Support contact). Upgrade hardware to successor product from [SCALANCE SC-600 family](<https://support.industry.siemens.com/cs/document/109756957>)\n\n**\\--------- Begin Update F Part 1 of 1 ---------**\n\n * For SIMATIC NET CP 1623 the updated firmware is contained in [SIMATIC NET PC Software v14 Update 14](<https://support.industry.siemens.com/cs/ww/en/view/109775589/>) or later version or [SIMATIC NET PC Software v16](<https://support.industry.siemens.com/cs/ww/en/view/109775589/>) or later version\n\n**\\--------- End Update F Part 1 of 1 ---------**\n\n * For SIMATIC NET CP 1626, update to [v1.1.1](<https://support.industry.siemens.com/cs/us/en/view/109792924/>) or later version\n * For TIM 1531 IRC or SIPLUS NET variants, update to [Version 2.0](<https://support.industry.siemens.com/cs/ww/en/view/109774204>)\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\n\n * Disable SNMP if this is supported by the product (refer to the product documentation). Disabling SNMP fully mitigates these vulnerabilities.\n * Protect network access to Port 161/UDP of affected devices.\n * Apply cell protection concept and implement [defense-in-depth](<https://www.siemens.com/cert/operational-guidelines-industrial-security>).\n * Use VPN for protecting network communication between cells.\n\nAs a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to [Siemens\u2019 operational guidelines for Industrial Security](<https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf>), and follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>.\n\nFor more information on the vulnerabilities and detailed mitigation instructions, please see [Siemens security advisory SSA-978220](<http://www.siemens.com/cert/advisories>)\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the ICS webpage on [cisa.gov](<https://www.cisa.gov/uscert/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov](<https://www.cisa.gov/uscert/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-14T12:00:00", "type": "ics", "title": "Siemens Industrial Products SNMP (Update F)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-18065"], "modified": "2022-04-14T12:00:00", "id": "ICSA-20-042-02", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-042-02", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T21:32:48", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4154-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 28, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : net-snmp\nCVE ID : CVE-2015-5621 CVE-2018-1000116\nDebian Bug : 788964 894110\n\nA heap corruption vulnerability was discovered in net-snmp, a suite of\nSimple Network Management Protocol applications, triggered when parsing\nthe PDU prior to the authentication process. A remote, unauthenticated\nattacker can take advantage of this flaw to crash the snmpd process\n(causing a denial of service) or, potentially, execute arbitrary code\nwith the privileges of the user running snmpd.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.7.2.1+dfsg-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nbefore the initial release.\n\nWe recommend that you upgrade your net-snmp packages.\n\nFor the detailed security status of net-snmp please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/net-snmp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T09:21:30", "type": "debian", "title": "[SECURITY] [DSA 4154-1] net-snmp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2018-03-28T09:21:30", "id": "DEBIAN:DSA-4154-1:4FDF1", "href": "https://lists.debian.org/debian-security-announce/2018/msg00080.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-04T15:30:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4154-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 28, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : net-snmp\nCVE ID : CVE-2015-5621 CVE-2018-1000116\nDebian Bug : 788964 894110\n\nA heap corruption vulnerability was discovered in net-snmp, a suite of\nSimple Network Management Protocol applications, triggered when parsing\nthe PDU prior to the authentication process. A remote, unauthenticated\nattacker can take advantage of this flaw to crash the snmpd process\n(causing a denial of service) or, potentially, execute arbitrary code\nwith the privileges of the user running snmpd.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.7.2.1+dfsg-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nbefore the initial release.\n\nWe recommend that you upgrade your net-snmp packages.\n\nFor the detailed security status of net-snmp please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/net-snmp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-28T09:21:30", "type": "debian", "title": "[SECURITY] [DSA 4154-1] net-snmp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2018-03-28T09:21:30", "id": "DEBIAN:DSA-4154-1:6A12C", "href": "https://lists.debian.org/debian-security-announce/2018/msg00080.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-08-31T10:54:59", "description": "Arch Linux Security Advisory ASA-201810-11\n==========================================\n\nSeverity: High\nDate : 2018-10-17\nCVE-ID : CVE-2015-5621 CVE-2018-18065\nPackage : net-snmp\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-777\n\nSummary\n=======\n\nThe package net-snmp before version 5.8-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 5.8-1.\n\n# pacman -Syu \"net-snmp>=5.8-1\"\n\nThe problems have been fixed upstream in version 5.8.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2015-5621 (arbitrary code execution)\n\nIt was discovered that in net-snmp before 5.8 the snmp_pdu_parse()\nfunction could leave incompletely parsed varBind variables in the list\nof variables. A remote, unauthenticated attacker could use this flaw to\ncrash snmpd or potentially execute arbitrary code on the system with\nthe privileges of the user running snmpd.\n\n- CVE-2018-18065 (denial of service)\n\nA denial of service vulnerability has been discovered in net-snmp\nbefore 5.8. The _set_key function in agent/helpers/table_container.c\nhas a NULL pointer exception bug that can be used by an authenticated\nattacker to remotely cause the instance to crash via a crafted UDP\npacket, resulting in denial of service.\n\nImpact\n======\n\nA remote unauthenticated attacker is able to crash snmpd or potentially\nexecute arbitrary code on the system by sending specially crafted\npackets.\n\nReferences\n==========\n\nhttps://seclists.org/oss-sec/2018/q4/24\nhttps://sourceforge.net/p/net-snmp/bugs/2615/\nhttps://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791\nhttps://www.openwall.com/lists/oss-security/2015/04/13/1\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1212408\nhttps://sourceforge.net/p/net-snmp/bugs/2743/\nhttps://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d\nhttps://dumpco.re/blog/net-snmp-5.7.3-remote-dos\nhttps://security.archlinux.org/CVE-2015-5621\nhttps://security.archlinux.org/CVE-2018-18065", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-17T00:00:00", "type": "archlinux", "title": "[ASA-201810-11] net-snmp: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-18065"], "modified": "2018-10-17T00:00:00", "id": "ASA-201810-11", "href": "https://security.archlinux.org/ASA-201810-11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-05-26T02:21:32", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nIt was discovered that the snmp_pdu_parse() function could leave\nincompletely parsed varBind variables in the list of variables. A remote,\nunauthenticated attacker could use this flaw to crash snmpd or,\npotentially, execute arbitrary code on the system with the privileges of\nthe user running snmpd. (CVE-2015-5621)\n\nRed Hat would like to thank Qinghao Tang of QIHU 360 company, China for\nreporting this issue.\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T00:00:00", "type": "redhat", "title": "(RHSA-2015:1636) Moderate: net-snmp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5621", "CVE-2018-1000116"], "modified": "2018-06-06T16:24:24", "id": "RHSA-2015:1636", "href": "https://access.redhat.com/errata/RHSA-2015:1636", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621)
