nessus: GENTOO_GLSA-202210-29.NASL
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Oct 31, 2022 - 12:00 a.m.

GLSA-202210-29 : Net-SNMP: Multiple Vulnerabilities

AI Score: 7.5 High

The remote host is affected by the vulnerability described in GLSA-202210-29 (Net-SNMP: Multiple Vulnerabilities)

  • The vulnerability exists due to a boundary error when handling INDEX of NET-SNMP-VACM-MIB. A remote attacker can trick the victim into loading a specially crafted MIB collection, trigger an out-of-bounds write and execute arbitrary code on the target system. (CVE-2022-24805)

  • The vulnerability exists due to insufficient validation of user-supplied input when SETing malformed OIDs in master agent and subagent simultaneously. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack. (CVE-2022-24806)

  • The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A remote user can pass a malformed OID in a SET request, trigger an out-of-bounds write and execute arbitrary code on the target system. (CVE-2022-24807)

  • The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack. (CVE-2022-24808)

  • The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in GET-NEXT. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack. (CVE-2022-24809)

  • The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack. (CVE-2022-24810)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

# (C) Tenable, Inc.
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202210-29.
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See


if (description)
{
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/17");


  script_name(english:"GLSA-202210-29 : Net-SNMP: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202210-29 (Net-SNMP: Multiple Vulnerabilities)

  - The vulnerability exists due to a boundary error when handling INDEX of NET-SNMP-VACM-MIB. A remote
    attacker can trick the victim into loading a specially crafted MIB collection, trigger an out-of-bounds
    write and execute arbitrary code on the target system. (CVE-2022-24805)

  - The vulnerability exists due to insufficient validation of user-supplied input when SETing malformed OIDs
    in master agent and subagent simultaneously. A remote user can pass specially crafted input to the
    application and perform a denial of service (DoS) attack. (CVE-2022-24806)

  - The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-
    MIB::vacmAccessTable. A remote user can pass a malformed OID in a SET request, trigger an out-of-bounds
    write and execute arbitrary code on the target system. (CVE-2022-24807)

  - The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when
    handling malformed OID in a SET request. A remote user can pass specially crafted data to the application
    and perform a denial of service (DoS) attack. (CVE-2022-24808)

  - The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable  when handling
    malformed OID in GET-NEXT. A remote user can pass specially crafted data to the application and perform a
    denial of service (DoS) attack. (CVE-2022-24809)

  - The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling
    malformed OID in a SET request. A remote user can pass specially crafted data to the application and
    perform a denial of service (DoS) attack. (CVE-2022-24810)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"");
  script_set_attribute(attribute:"see_also", value:"");
  script_set_attribute(attribute:"solution", value:
"All Net-SNMP users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=net-analyzer/net-snmp-5.9.2");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24810");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:net-snmp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'net-analyzer/net-snmp',
    'unaffected' : make_list("ge 5.9.2", "lt 5.0.0"),
    'vulnerable' : make_list("lt 5.9.2")
  }
];

foreach package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}

# This plugin has a different number of unaffected and vulnerable versions for
# one or more packages. To ensure proper detection, a separate line should be 
# used for each fixed/vulnerable version pair.

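if (flag)
{
  # At least one installed package matched a vulnerable version range.
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : qpkg_report_get()
  );
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}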