Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-1313.NASL
HistoryOct 29, 2018 - 12:00 a.m.

openSUSE Security Update : net-snmp (openSUSE-2018-1313)

2018-10-2900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

This update for net-snmp fixes the following issues :

Security issues fixed :

  • CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
    (bsc#1111122)

Non-security issues fixed :

  • swintst_rpm: Protect against unspecified Group name (bsc#1102775)

  • Add tsm and tlstm MIBs and the USM security module.
    (bsc#1081164)

  • Fix agentx freezing on timeout (bsc#1027353)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1313.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(118485);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-18065");

  script_name(english:"openSUSE Security Update : net-snmp (openSUSE-2018-1313)");
  script_summary(english:"Check for the openSUSE-2018-1313 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for net-snmp fixes the following issues :

Security issues fixed :

  - CVE-2018-18065: _set_key in
    agent/helpers/table_container.c had a NULL pointer
    Exception bug that can be used by an authenticated
    attacker to remotely cause the instance to crash via a
    crafted UDP packet, resulting in Denial of Service.
    (bsc#1111122)

Non-security issues fixed :

  - swintst_rpm: Protect against unspecified Group name
    (bsc#1102775)

  - Add tsm and tlstm MIBs and the USM security module.
    (bsc#1081164)

  - Fix agentx freezing on timeout (bsc#1027353)

This update was imported from the SUSE:SLE-12-SP1:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081164"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111122"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected net-snmp packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsnmp30");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsnmp30-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:net-snmp-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-SNMP");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-SNMP-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:snmp-mibs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"libsnmp30-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsnmp30-debuginfo-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-debuginfo-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-debugsource-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-devel-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-python-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"net-snmp-python-debuginfo-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-SNMP-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-SNMP-debuginfo-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"snmp-mibs-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsnmp30-32bit-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsnmp30-debuginfo-32bit-5.7.3-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"net-snmp-devel-32bit-5.7.3-7.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsnmp30-32bit / libsnmp30 / libsnmp30-debuginfo-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibsnmp30p-cpe:/a:novell:opensuse:libsnmp30
novellopensuselibsnmp30-32bitp-cpe:/a:novell:opensuse:libsnmp30-32bit
novellopensuselibsnmp30-debuginfop-cpe:/a:novell:opensuse:libsnmp30-debuginfo
novellopensuselibsnmp30-debuginfo-32bitp-cpe:/a:novell:opensuse:libsnmp30-debuginfo-32bit
novellopensusenet-snmpp-cpe:/a:novell:opensuse:net-snmp
novellopensusenet-snmp-debuginfop-cpe:/a:novell:opensuse:net-snmp-debuginfo
novellopensusenet-snmp-debugsourcep-cpe:/a:novell:opensuse:net-snmp-debugsource
novellopensusenet-snmp-develp-cpe:/a:novell:opensuse:net-snmp-devel
novellopensusenet-snmp-devel-32bitp-cpe:/a:novell:opensuse:net-snmp-devel-32bit
novellopensusenet-snmp-pythonp-cpe:/a:novell:opensuse:net-snmp-python
Rows per page:
1-10 of 151

Related

nessus 15
debian 2
paloalto 1
suse 3
osv 3
openvas 14
ubuntucve 1
cve 1
redhatcve 1
prion 1
veracode 1
ubuntu 3
debiancve 1
fedora 1
ibm 3
archlinux 1
ics 1
photon 4
rosalinux 1
oracle 1
nessus
nessus
Debian DSA-4314-1 : net-snmp - security update
2018-10-12 00:00:00
Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Denial of Service vulnerability (PAN-SA-2019-0007)
2019-04-02 00:00:00
Ubuntu 18.10 : Net-SNMP vulnerability (USN-3792-3)
2018-10-23 00:00:00
debian
debian
[SECURITY] [DSA 4314-1] net-snmp security update
2018-10-11 19:40:56
[SECURITY] [DSA 4314-1] net-snmp security update
2018-10-11 19:41:22
paloalto
paloalto
Denial of Service in PAN-OS Management Interface
2019-03-20 21:20:00
suse
suse
Security update for net-snmp (important)
2018-10-27 00:17:44
Security update for net-snmp (important)
2018-10-24 15:16:26
Security update for opera (important)
2022-02-25 00:00:00
osv
osv
CVE-2018-18065
2018-10-08 18:29:00
net-snmp - security update
2018-10-09 00:00:00
net-snmp - security update
2018-10-11 00:00:00
openvas
openvas
openSUSE: Security Advisory for net-snmp (openSUSE-SU-2018:3381-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3447-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-1540-1)
2023-03-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-18065
2018-10-08 00:00:00
cve
cve
CVE-2018-18065
2018-10-08 18:29:00
redhatcve
redhatcve
CVE-2018-18065
2018-10-09 14:20:23
prion
prion
Null pointer dereference
2018-10-08 18:29:00
veracode
veracode
Denial Of Service (DoS)
2018-10-09 06:23:50
ubuntu
ubuntu
Net-SNMP vulnerability
2018-10-15 00:00:00
Net-SNMP vulnerability
2018-10-22 00:00:00
Net-SNMP vulnerability
2018-10-16 00:00:00
debiancve
debiancve
CVE-2018-18065
2018-10-08 18:29:00
fedora
fedora
[SECURITY] Fedora 29 Update: net-snmp-5.8-3.fc29
2018-12-02 08:28:31
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB
2019-03-07 20:15:02
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging
2019-03-07 20:10:01
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
2018-12-05 22:20:01
archlinux
archlinux
[ASA-201810-11] net-snmp: multiple issues
2018-10-17 00:00:00
ics
ics
Siemens Industrial Products SNMP (Update F)
2022-04-14 12:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0118
2019-01-07 00:00:00
Important Photon OS Security Update - PHSA-2019-0118
2019-01-07 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0203
2019-01-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1929
2021-07-02 17:32:57
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
JSON
Related for OPENSUSE-2018-1313.NASL
nessus15debian2paloalto1suse3osv3openvas14ubuntucve1cve1redhatcve1prion1veracode1ubuntu3debiancve1fedora1ibm3archlinux1ics1photon4rosalinux1oracle1