Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.SOLARIS11_NET-SNMP_20141014.NASL
HistoryJan 19, 2015 - 12:00 a.m.

Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_6151_resource_management)

2015-01-1900:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The remote Solaris system is missing necessary patches to address security updates :

  • Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. (CVE-2012-6151)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80707);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-6151");

  script_name(english:"Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_6151_resource_management)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Solaris system is missing a security patch for third-party
software."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote Solaris system is missing necessary patches to address
security updates :

  - Net-SNMP 5.7.1 and earlier, when AgentX is registering
    to handle a MIB and processing GETNEXT requests, allows
    remote attackers to cause a denial of service (crash or
    infinite loop, CPU consumption, and hang) by causing the
    AgentX subagent to timeout. (CVE-2012-6151)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/cve-2012-6151-resource-management-errors-vulnerability-in-net-snmp
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1d1c3b1d"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2.3.4.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:net-snmp");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^net-snmp$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.2.3.0.4.1", sru:"SRU 11.2.3.4.1") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : net-snmp\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "net-snmp");
VendorProductVersionCPE
oraclesolaris11.2cpe:/o:oracle:solaris:11.2
oraclesolarisnet-snmpp-cpe:/a:oracle:solaris:net-snmp

Related

prion 2
openvas 17
fedora 3
nessus 15
debiancve 2
cvelist 2
ubuntucve 2
veracode 2
cve 2
mageia 1
f5 2
centos 1
amazon 1
oraclelinux 1
redhat 1
securityvulns 4
gentoo 1
ubuntu 1
prion
prion
Code injection
2013-12-13 18:55:00
Design/Logic Flaw
2014-04-17 14:55:00
openvas
openvas
Fedora Update for net-snmp FEDORA-2013-22919
2014-01-10 00:00:00
Mageia: Security Advisory (MGASA-2014-0019)
2022-01-28 00:00:00
Fedora Update for net-snmp FEDORA-2013-22949
2014-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: net-snmp-5.7.2-16.fc20
2014-01-07 09:47:46
[SECURITY] Fedora 19 Update: net-snmp-5.7.2-13.fc19
2014-01-07 09:35:39
[SECURITY] Fedora 18 Update: net-snmp-5.7.2-7.fc18
2014-01-07 09:40:13
nessus
nessus
Mandriva Linux Security Advisory : net-snmp (MDVSA-2014:017)
2014-01-23 00:00:00
Fedora 19 : net-snmp-5.7.2-13.fc19 (2013-22919)
2014-01-08 00:00:00
Fedora 20 : net-snmp-5.7.2-16.fc20 (2013-22809)
2014-01-08 00:00:00
debiancve
debiancve
CVE-2012-6151
2013-12-13 18:55:00
CVE-2014-2310
2014-04-17 14:55:00
cvelist
cvelist
CVE-2012-6151
2013-12-13 17:00:00
CVE-2014-2310
2014-04-17 14:00:00
ubuntucve
ubuntucve
CVE-2012-6151
2013-12-13 00:00:00
CVE-2014-2310
2014-03-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:52:11
Denial Of Service (DoS)
2019-05-02 05:01:56
cve
cve
CVE-2012-6151
2013-12-13 18:55:00
CVE-2014-2310
2014-04-17 14:55:00
mageia
mageia
Updated net-snmp packages fix CVE-2012-6151
2014-01-21 20:16:21
f5
f5
SOL16476 - NET-SNMP vulnerability CVE-2012-6151
2015-04-21 00:00:00
K16476 : NET-SNMP vulnerability CVE-2012-6151
2015-07-24 00:00:00
centos
centos
net security update
2014-03-24 20:45:45
amazon
amazon
Medium: net-snmp
2014-03-24 23:39:00
oraclelinux
oraclelinux
net-snmp security update
2014-03-24 00:00:00
redhat
redhat
(RHSA-2014:0322) Moderate: net-snmp security update
2014-03-24 00:00:00
securityvulns
securityvulns
Net-SNMP multiple security vulnerabilities
2014-05-04 00:00:00
[USN-2166-1] Net-SNMP vulnerabilities
2014-05-04 00:00:00
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
gentoo
gentoo
Net-SNMP: Denial of service
2014-09-01 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2014-04-14 00:00:00
JSON
Related for SOLARIS11_NET-SNMP_20141014.NASL
prion2openvas17fedora3nessus15debiancve2cvelist2ubuntucve2veracode2cve2mageia1f52centos1amazon1oraclelinux1redhat1securityvulns4gentoo1ubuntu1