{"id": "RHSA-2014:0321", "hash": "35baea75bdd2bd78afb4ddbc46338589", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0321) Moderate: net-snmp security and bug fix update", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n", "published": "2014-03-24T04:00:00", "modified": "2018-06-06T20:24:25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2014:0321", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-2284"], "lastseen": "2019-08-13T18:46:19", "history": [{"bulletin": {"id": "RHSA-2014:0321", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0321) Moderate: net-snmp security and bug fix update", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n", "published": "2014-03-24T04:00:00", "modified": "2017-03-03T17:36:40", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0321", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-2284"], "lastseen": "2017-03-06T11:18:37", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "i686", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-utils", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-utils", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-utils", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-perl", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-python", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-perl", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-perl", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-perl", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-python", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-utils", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390.rpm", "OSVersion": "6", "packageName": "net-snmp-devel", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "src", "packageFilename": "net-snmp-5.5-49.el6_5.1.src.rpm", "OSVersion": "6", "packageName": "net-snmp", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "x86_64", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.x86_64.rpm", "OSVersion": "6", "packageName": "net-snmp-python", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-debuginfo", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "i686", "packageFilename": "net-snmp-5.5-49.el6_5.1.i686.rpm", "OSVersion": "6", "packageName": "net-snmp", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "ppc64", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc64.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-libs", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}, {"arch": "s390x", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.s390x.rpm", "OSVersion": "6", "packageName": "net-snmp-python", "OS": "RedHat", "packageVersion": "5.5-49.el6_5.1", "operator": "lt"}]}, "lastseen": "2017-03-06T11:18:37", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2014:0321", "hash": "656169c75b22cc5a06c9a9cff4cea570", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0321) Moderate: net-snmp security and bug fix update", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n", "published": "2014-03-24T04:00:00", "modified": "2018-06-06T20:24:25", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0321", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-2284"], "lastseen": "2018-06-06T18:04:43", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T18:04:43", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2014:0321", "hash": "73d721ac66cdbcfe2fc4b8ea9cb584e3", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0321) Moderate: net-snmp security and bug fix update", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n", "published": "2014-03-24T04:00:00", "modified": "2018-06-06T20:24:25", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0321", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-2284"], "lastseen": "2018-12-11T19:42:33", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2284"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-0321.NASL", "CENTOS_RHSA-2014-0321.NASL", "FEDORA_2014-3423.NASL", "ORACLELINUX_ELSA-2014-0321.NASL", "SL_20140324_NET_SNMP_ON_SL6_X.NASL", "FEDORA_2014-3427.NASL", "OPENSUSE-2014-227.NASL", "ALA_ALAS-2014-316.NASL", "ORACLEVM_OVMSA-2015-0099.NASL", "MANDRIVA_MDVSA-2015-092.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881908", "OPENVAS:867589", "OPENVAS:1361412562310871146", "OPENVAS:881908", "OPENVAS:867605", "OPENVAS:1361412562310123442", "OPENVAS:871146", "OPENVAS:1361412562310867605", "OPENVAS:1361412562310867589", "OPENVAS:1361412562310120355"]}, {"type": "centos", "idList": ["CESA-2014:0321"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0321"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30380", "SECURITYVULNS:VULN:13625", "SECURITYVULNS:DOC:31950", "SECURITYVULNS:VULN:14418", "SECURITYVULNS:DOC:30592", "SECURITYVULNS:VULN:13725"]}, {"type": "amazon", "idList": ["ALAS-2014-316"]}, {"type": "ubuntu", "idList": ["USN-2166-1"]}, {"type": "gentoo", "idList": ["GLSA-201409-02"]}], "modified": "2018-12-11T19:42:33"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T19:42:33", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "RHSA-2014:0321", "hash": "149448df26c7732fdab97220b00601c1", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0321) Moderate: net-snmp security and bug fix update", "description": "The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n", "published": "2014-03-24T04:00:00", "modified": "2018-06-06T20:24:25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2014:0321", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-2284"], "lastseen": "2019-05-29T14:35:35", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-05-29T14:35:35"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2284"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0321"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2014-0321.NASL", "SL_20140324_NET_SNMP_ON_SL6_X.NASL", "FEDORA_2014-3423.NASL", "ORACLELINUX_ELSA-2014-0321.NASL", "REDHAT-RHSA-2014-0321.NASL", "FEDORA_2014-3427.NASL", "ALA_ALAS-2014-316.NASL", "OPENSUSE-2014-227.NASL", "ORACLEVM_OVMSA-2015-0099.NASL", "MANDRIVA_MDVSA-2015-092.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123442", "OPENVAS:881908", "OPENVAS:1361412562310867605", "OPENVAS:871146", "OPENVAS:1361412562310881908", "OPENVAS:1361412562310871146", "OPENVAS:1361412562310120355", "OPENVAS:867589", "OPENVAS:867605", "OPENVAS:1361412562310867589"]}, {"type": "centos", "idList": ["CESA-2014:0321"]}, {"type": "amazon", "idList": ["ALAS-2014-316"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13625", "SECURITYVULNS:DOC:30380", "SECURITYVULNS:DOC:31950", "SECURITYVULNS:VULN:14418", "SECURITYVULNS:DOC:30592", "SECURITYVULNS:VULN:13725"]}, {"type": "ubuntu", "idList": ["USN-2166-1"]}, {"type": "gentoo", "idList": ["GLSA-201409-02"]}], "modified": "2019-05-29T14:35:35"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:35:35", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 2, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-08-13T18:46:19"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2284"]}, {"type": "nessus", "idList": ["FEDORA_2014-3423.NASL", "CENTOS_RHSA-2014-0321.NASL", "SL_20140324_NET_SNMP_ON_SL6_X.NASL", "FEDORA_2014-3427.NASL", "REDHAT-RHSA-2014-0321.NASL", "ORACLELINUX_ELSA-2014-0321.NASL", "ALA_ALAS-2014-316.NASL", "OPENSUSE-2014-227.NASL", "ORACLEVM_OVMSA-2015-0099.NASL", "MANDRIVA_MDVSA-2015-092.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120355", "OPENVAS:1361412562310871146", "OPENVAS:867589", "OPENVAS:1361412562310123442", "OPENVAS:881908", "OPENVAS:1361412562310867605", "OPENVAS:871146", "OPENVAS:1361412562310881908", "OPENVAS:867605", "OPENVAS:1361412562310867589"]}, {"type": "centos", "idList": ["CESA-2014:0321"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0321"]}, {"type": "amazon", "idList": ["ALAS-2014-316"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13625", "SECURITYVULNS:DOC:30380", "SECURITYVULNS:DOC:31950", "SECURITYVULNS:VULN:14418", "SECURITYVULNS:DOC:30592", "SECURITYVULNS:VULN:13725"]}, {"type": "gentoo", "idList": ["GLSA-201409-02"]}, {"type": "ubuntu", "idList": ["USN-2166-1"]}], "modified": "2019-08-13T18:46:19"}, "vulnersScore": 5.4}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-python", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-python-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-debuginfo", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-debuginfo-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "net-snmp", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-5.5-49.el6_5.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-perl", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-perl-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "net-snmp-libs", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-libs-5.5-49.el6_5.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "net-snmp-devel", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-devel-5.5-49.el6_5.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "net-snmp-utils", "packageVersion": "5.5-49.el6_5.1", "packageFilename": "net-snmp-utils-5.5-49.el6_5.1.s390x.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.", "modified": "2014-09-13T05:25:00", "id": "CVE-2014-2284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2284", "published": "2014-03-24T16:43:00", "title": "CVE-2014-2284", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:00", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0321\n\n\nThe net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020224.html\n\n**Affected packages:**\nnet-snmp\nnet-snmp-devel\nnet-snmp-libs\nnet-snmp-perl\nnet-snmp-python\nnet-snmp-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0321.html", "modified": "2014-03-24T20:46:56", "published": "2014-03-24T20:46:56", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020224.html", "id": "CESA-2014:0321", "title": "net security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120355", "title": "Amazon Linux Local Check: ALAS-2014-316", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-316.nasl 6759 2017-07-19 09:56:33Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120355\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:29 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-316\");\n script_tag(name:\"insight\", value:\"A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284 )\");\n script_tag(name:\"solution\", value:\"Run yum update net-snmp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-316.html\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:53", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-07-10T00:00:00", "published": "2014-03-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867589", "id": "OPENVAS:867589", "title": "Fedora Update for net-snmp FEDORA-2014-3427", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for net-snmp FEDORA-2014-3427\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867589);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:19:33 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for net-snmp FEDORA-2014-3427\");\n\n tag_insight = \"SNMP (Simple Network Management Protocol) is a protocol used for\nnetwork management. The NET-SNMP project includes various SNMP tools:\nan extensible agent, an SNMP library, tools for requesting or setting\ninformation from SNMP agents, tools for generating and handling SNMP\ntraps, a version of the netstat command which uses SNMP, and a Tk/Perl\nmib browser. This package contains the snmpd and snmptrapd daemons,\ndocumentation, etc.\n\nYou will probably also want to install the net-snmp-utils package,\nwhich contains NET-SNMP utilities.\n\";\n\n tag_affected = \"net-snmp on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3427\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130021.html\");\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310871146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871146", "title": "RedHat Update for net-snmp RHSA-2014:0321-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for net-snmp RHSA-2014:0321-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871146\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:25:26 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for net-snmp RHSA-2014:0321-01\");\n\n\n script_tag(name:\"affected\", value:\"net-snmp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n * The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0321-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00030.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-17T00:00:00", "id": "OPENVAS:1361412562310867589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867589", "title": "Fedora Update for net-snmp FEDORA-2014-3427", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for net-snmp FEDORA-2014-3427\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867589\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:19:33 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for net-snmp FEDORA-2014-3427\");\n script_tag(name:\"affected\", value:\"net-snmp on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3427\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130021.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:49:04", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-07-10T00:00:00", "published": "2014-03-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867605", "id": "OPENVAS:867605", "title": "Fedora Update for net-snmp FEDORA-2014-3423", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for net-snmp FEDORA-2014-3423\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867605);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:45:37 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for net-snmp FEDORA-2014-3423\");\n\n tag_insight = \"SNMP (Simple Network Management Protocol) is a protocol used for\nnetwork management. The NET-SNMP project includes various SNMP tools:\nan extensible agent, an SNMP library, tools for requesting or setting\ninformation from SNMP agents, tools for generating and handling SNMP\ntraps, a version of the netstat command which uses SNMP, and a Tk/Perl\nmib browser. This package contains the snmpd and snmptrapd daemons,\ndocumentation, etc.\n\nYou will probably also want to install the net-snmp-utils package,\nwhich contains NET-SNMP utilities.\n\";\n\n tag_affected = \"net-snmp on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3423\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130026.html\");\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~14.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:49:06", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-07-12T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871146", "id": "OPENVAS:871146", "title": "RedHat Update for net-snmp RHSA-2014:0321-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for net-snmp RHSA-2014:0321-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871146);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:25:26 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for net-snmp RHSA-2014:0321-01\");\n\n tag_insight = \"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n\";\n\n tag_affected = \"net-snmp on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0321-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00030.html\");\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-debuginfo\", rpm:\"net-snmp-debuginfo~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:16", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0321", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123442", "title": "Oracle Linux Local Check: ELSA-2014-0321", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0321.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123442\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0321\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0321 - net-snmp security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0321\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0321.html\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.0.1.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-17T00:00:00", "id": "OPENVAS:1361412562310867605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867605", "title": "Fedora Update for net-snmp FEDORA-2014-3423", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for net-snmp FEDORA-2014-3423\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867605\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:45:37 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for net-snmp FEDORA-2014-3423\");\n script_tag(name:\"affected\", value:\"net-snmp on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3423\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.7.2~14.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:22", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-07-10T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881908", "id": "OPENVAS:881908", "title": "CentOS Update for net-snmp CESA-2014:0321 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for net-snmp CESA-2014:0321 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881908);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:43 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for net-snmp CESA-2014:0321 centos6 \");\n\n tag_insight = \"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n* The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\n\";\n\n tag_affected = \"net-snmp on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0321\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020224.html\");\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310881908", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881908", "title": "CentOS Update for net-snmp CESA-2014:0321 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for net-snmp CESA-2014:0321 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881908\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:43 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for net-snmp CESA-2014:0321 centos6\");\n\n script_tag(name:\"affected\", value:\"net-snmp on CentOS 6\");\n script_tag(name:\"insight\", value:\"The net-snmp packages provide various libraries and tools for the Simple\nNetwork Management Protocol (SNMP), including an SNMP library, an\nextensible agent, tools for requesting or setting information from SNMP\nagents, tools for generating and handling SNMP traps, a version of the\nnetstat command which uses SNMP, and a Tk/Perl Management Information Base\n(MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function\nin the ICMP-MIB implementation processed Internet Control Message Protocol\n(ICMP) message statistics reported in the /proc/net/snmp file. A remote\nattacker could send a message for each ICMP message type, which could\npotentially cause the snmpd service to crash when processing the\n/proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug:\n\n * The snmpd service parses the /proc/diskstats file to track disk usage\nstatistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number\nof block devices, /proc/diskstats may be large in size and parsing it can\ntake a non-trivial amount of CPU time. With this update, Net-SNMP\nintroduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which\ncan be used to explicitly specify devices that should be monitored.\nOnly these whitelisted devices are then reported in\nUCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with\nnumerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the snmpd service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0321\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-March/020224.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'net-snmp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-libs\", rpm:\"net-snmp-libs~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-perl\", rpm:\"net-snmp-perl~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-python\", rpm:\"net-snmp-python~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-utils\", rpm:\"net-snmp-utils~5.5~49.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:20:54", "bulletinFamily": "scanner", "description": "A denial of service attack vector was discovered on the Linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-3423.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72971", "published": "2014-03-13T00:00:00", "title": "Fedora 19 : net-snmp-5.7.2-14.fc19 (2014-3423)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3423.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72971);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2284\");\n script_bugtraq_id(65867);\n script_xref(name:\"FEDORA\", value:\"2014-3423\");\n\n script_name(english:\"Fedora 19 : net-snmp-5.7.2-14.fc19 (2014-3423)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service attack vector was discovered on the Linux\nimplementation of the ICMP-MIB. This release fixes this bug and all\nusers are encouraged to update their SNMP agent if they make use of\nthe ICMP-MIB table objects.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1070396\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130026.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1729204\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"net-snmp-5.7.2-14.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:59", "bulletinFamily": "scanner", "description": "Updated net-snmp packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk usage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number of block devices, /proc/diskstats may be large in size and parsing it can take a non-trivial amount of CPU time. With this update, Net-SNMP introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which can be used to explicitly specify devices that should be monitored. Only these whitelisted devices are then reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the snmpd service will be restarted automatically.", "modified": "2019-01-02T00:00:00", "id": "REDHAT-RHSA-2014-0321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73174", "published": "2014-03-25T00:00:00", "title": "RHEL 6 : net-snmp (RHSA-2014:0321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0321. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73174);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2014-2284\");\n script_bugtraq_id(65867);\n script_xref(name:\"RHSA\", value:\"2014:0321\");\n\n script_name(english:\"RHEL 6 : net-snmp (RHSA-2014:0321)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated net-snmp packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg()\nfunction in the ICMP-MIB implementation processed Internet Control\nMessage Protocol (ICMP) message statistics reported in the\n/proc/net/snmp file. A remote attacker could send a message for each\nICMP message type, which could potentially cause the snmpd service to\ncrash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk\nusage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a\nlarge number of block devices, /proc/diskstats may be large in size\nand parsing it can take a non-trivial amount of CPU time. With this\nupdate, Net-SNMP introduces a new option, 'diskio', in the\n/etc/snmp/snmpd.conf file, which can be used to explicitly specify\ndevices that should be monitored. Only these whitelisted devices are\nthen reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd\non systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the snmpd service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2284\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0321\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-debuginfo-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-devel-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"net-snmp-libs-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-perl-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-perl-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-perl-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-python-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-python-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-python-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"net-snmp-utils-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"net-snmp-utils-5.5-49.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.5-49.el6_5.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-debuginfo / net-snmp-devel / net-snmp-libs / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:59", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0321 :\n\nUpdated net-snmp packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk usage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number of block devices, /proc/diskstats may be large in size and parsing it can take a non-trivial amount of CPU time. With this update, Net-SNMP introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which can be used to explicitly specify devices that should be monitored. Only these whitelisted devices are then reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the snmpd service will be restarted automatically.", "modified": "2019-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2014-0321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73172", "published": "2014-03-25T00:00:00", "title": "Oracle Linux 6 : net-snmp (ELSA-2014-0321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0321 and \n# Oracle Linux Security Advisory ELSA-2014-0321 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73172);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2014-2284\");\n script_bugtraq_id(65867);\n script_xref(name:\"RHSA\", value:\"2014:0321\");\n\n script_name(english:\"Oracle Linux 6 : net-snmp (ELSA-2014-0321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0321 :\n\nUpdated net-snmp packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg()\nfunction in the ICMP-MIB implementation processed Internet Control\nMessage Protocol (ICMP) message statistics reported in the\n/proc/net/snmp file. A remote attacker could send a message for each\nICMP message type, which could potentially cause the snmpd service to\ncrash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk\nusage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a\nlarge number of block devices, /proc/diskstats may be large in size\nand parsing it can take a non-trivial amount of CPU time. With this\nupdate, Net-SNMP introduces a new option, 'diskio', in the\n/etc/snmp/snmpd.conf file, which can be used to explicitly specify\ndevices that should be monitored. Only these whitelisted devices are\nthen reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd\non systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the snmpd service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-March/004032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-5.5-49.0.1.el6_5.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-devel-5.5-49.0.1.el6_5.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-libs-5.5-49.0.1.el6_5.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-perl-5.5-49.0.1.el6_5.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-python-5.5-49.0.1.el6_5.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"net-snmp-utils-5.5-49.0.1.el6_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-devel / net-snmp-libs / net-snmp-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:54", "bulletinFamily": "scanner", "description": "A denial of service attack vector was discovered on the Linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-3427.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72972", "published": "2014-03-13T00:00:00", "title": "Fedora 20 : net-snmp-5.7.2-17.fc20 (2014-3427)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3427.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72972);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2284\");\n script_bugtraq_id(65867);\n script_xref(name:\"FEDORA\", value:\"2014-3427\");\n\n script_name(english:\"Fedora 20 : net-snmp-5.7.2-17.fc20 (2014-3427)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service attack vector was discovered on the Linux\nimplementation of the ICMP-MIB. This release fixes this bug and all\nusers are encouraged to update their SNMP agent if they make use of\nthe ICMP-MIB table objects.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1070396\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ea31800\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"net-snmp-5.7.2-17.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "Updated net-snmp packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk usage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number of block devices, /proc/diskstats may be large in size and parsing it can take a non-trivial amount of CPU time. With this update, Net-SNMP introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which can be used to explicitly specify devices that should be monitored. Only these whitelisted devices are then reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the snmpd service will be restarted automatically.", "modified": "2018-11-28T00:00:00", "id": "CENTOS_RHSA-2014-0321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73162", "published": "2014-03-25T00:00:00", "title": "CentOS 6 : net-snmp (CESA-2014:0321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0321 and \n# CentOS Errata and Security Advisory 2014:0321 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73162);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2014-2284\");\n script_bugtraq_id(65867);\n script_xref(name:\"RHSA\", value:\"2014:0321\");\n\n script_name(english:\"CentOS 6 : net-snmp (CESA-2014:0321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated net-snmp packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe net-snmp packages provide various libraries and tools for the\nSimple Network Management Protocol (SNMP), including an SNMP library,\nan extensible agent, tools for requesting or setting information from\nSNMP agents, tools for generating and handling SNMP traps, a version\nof the netstat command which uses SNMP, and a Tk/Perl Management\nInformation Base (MIB) browser.\n\nA buffer overflow flaw was found in the way the decode_icmp_msg()\nfunction in the ICMP-MIB implementation processed Internet Control\nMessage Protocol (ICMP) message statistics reported in the\n/proc/net/snmp file. A remote attacker could send a message for each\nICMP message type, which could potentially cause the snmpd service to\ncrash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n* The snmpd service parses the /proc/diskstats file to track disk\nusage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a\nlarge number of block devices, /proc/diskstats may be large in size\nand parsing it can take a non-trivial amount of CPU time. With this\nupdate, Net-SNMP introduces a new option, 'diskio', in the\n/etc/snmp/snmpd.conf file, which can be used to explicitly specify\ndevices that should be monitored. Only these whitelisted devices are\nthen reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd\non systems with numerous block devices. (BZ#990674)\n\nAll net-snmp users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the snmpd service will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-March/020224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf584c3d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-devel-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-libs-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-perl-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-python-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"net-snmp-utils-5.5-49.el6_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:59", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n - The snmpd service parses the /proc/diskstats file to track disk usage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number of block devices, /proc/diskstats may be large in size and parsing it can take a non-trivial amount of CPU time. With this update, Net-SNMP introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which can be used to explicitly specify devices that should be monitored. Only these whitelisted devices are then reported in UCD-DISKIO- MIB::diskIOTable, thus speeding up snmpd on systems with numerous block devices.\n\nAfter installing this update, the snmpd service will be restarted automatically.", "modified": "2018-12-28T00:00:00", "id": "SL_20140324_NET_SNMP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73177", "published": "2014-03-25T00:00:00", "title": "Scientific Linux Security Update : net-snmp on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73177);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-2284\");\n\n script_name(english:\"Scientific Linux Security Update : net-snmp on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way the decode_icmp_msg()\nfunction in the ICMP-MIB implementation processed Internet Control\nMessage Protocol (ICMP) message statistics reported in the\n/proc/net/snmp file. A remote attacker could send a message for each\nICMP message type, which could potentially cause the snmpd service to\ncrash when processing the /proc/net/snmp file. (CVE-2014-2284)\n\nThis update also fixes the following bug :\n\n - The snmpd service parses the /proc/diskstats file to\n track disk usage statistics for\n UCD-DISKIO-MIB::diskIOTable. On systems with a large\n number of block devices, /proc/diskstats may be large in\n size and parsing it can take a non-trivial amount of CPU\n time. With this update, Net-SNMP introduces a new\n option, 'diskio', in the /etc/snmp/snmpd.conf file,\n which can be used to explicitly specify devices that\n should be monitored. Only these whitelisted devices are\n then reported in UCD-DISKIO- MIB::diskIOTable, thus\n speeding up snmpd on systems with numerous block\n devices.\n\nAfter installing this update, the snmpd service will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=2089\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?307b381f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-debuginfo-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-devel-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-libs-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-perl-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-python-5.5-49.el6_5.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"net-snmp-utils-5.5-49.el6_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:59", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-316.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73235", "published": "2014-03-28T00:00:00", "title": "Amazon Linux AMI : net-snmp (ALAS-2014-316)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-316.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73235);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-6151\", \"CVE-2014-2284\");\n script_xref(name:\"ALAS\", value:\"2014-316\");\n script_xref(name:\"RHSA\", value:\"2014:0321\");\n\n script_name(english:\"Amazon Linux AMI : net-snmp (ALAS-2014-316)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way the decode_icmp_msg()\nfunction in the ICMP-MIB implementation processed Internet Control\nMessage Protocol (ICMP) message statistics reported in the\n/proc/net/snmp file. A remote attacker could send a message for each\nICMP message type, which could potentially cause the snmpd service to\ncrash when processing the /proc/net/snmp file. (CVE-2014-2284)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-316.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update net-snmp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-debuginfo-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-devel-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-libs-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-perl-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-python-5.5-49.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"net-snmp-utils-5.5-49.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-debuginfo / net-snmp-devel / net-snmp-libs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:36", "bulletinFamily": "scanner", "description": "net-snmp was updated to fix potential remote denial of service problems :\n\n - fixed a potential remote denial of service problem within the Linux ICMP-MIB implementation (CVE-2014-2284)(bnc#866942)\n\n - fixed a potential remote denial of service problem inside the snmptrapd Perl trap handler (CVE-2014-2285)(bnc#866942)", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2014-227.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75300", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : net-snmp (openSUSE-SU-2014:0398-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-227.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75300);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2014-2284\", \"CVE-2014-2285\");\n\n script_name(english:\"openSUSE Security Update : net-snmp (openSUSE-SU-2014:0398-1)\");\n script_summary(english:\"Check for the openSUSE-2014-227 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"net-snmp was updated to fix potential remote denial of service\nproblems :\n\n - fixed a potential remote denial of service problem\n within the Linux ICMP-MIB implementation\n (CVE-2014-2284)(bnc#866942)\n\n - fixed a potential remote denial of service problem\n inside the snmptrapd Perl trap handler\n (CVE-2014-2285)(bnc#866942)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected net-snmp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsnmp30-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:net-snmp-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-SNMP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-SNMP-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libsnmp30-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libsnmp30-debuginfo-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"net-snmp-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"net-snmp-debuginfo-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"net-snmp-debugsource-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"net-snmp-devel-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-SNMP-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-SNMP-debuginfo-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"snmp-mibs-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libsnmp30-32bit-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-32bit-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"net-snmp-devel-32bit-5.7.2-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsnmp30-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsnmp30-debuginfo-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-debuginfo-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-debugsource-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-devel-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-python-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"net-snmp-python-debuginfo-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-SNMP-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-SNMP-debuginfo-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"snmp-mibs-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsnmp30-32bit-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsnmp30-debuginfo-32bit-5.7.2-9.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"net-snmp-devel-32bit-5.7.2-9.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:45", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373]\n\n - Quicker loading of IP-MIB::ipAddrTable (#1191393)\n\n - Quicker loading of IP-MIB::ipAddressTable (#1191393)\n\n - Fixed snmptrapd crash when '-OQ' parameter is used and invalid trap is received (#CVE-2014-3565)\n\n - added faster caching into IP-MIB::ipNetToMediaTable (#789500)\n\n - fixed compilation with '-Werror=format-security' (#1181994)\n\n - added clear error message when port specified in 'clientaddrr' config option cannot be bound (#886468)\n\n - fixed error check in IP-MIB::ipAddressTable (#1012430)\n\n - fixed agentx client crash on failed response (#1023570)\n\n - fixed dashes in net-snmp-config.h (#1034441)\n\n - fixed crash on monitor trigger (#1050970)\n\n - fixed 'netsnmp_assert 1 == new_val->high failed' message in system log (#1065210)\n\n - fixed parsing of 64bit counters from SMUX subagents (#1069046)\n\n - Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines with >100 CPUs (#1070075)\n\n - fixed net-snmp-create-v3-user to have the same content on 32 and 64bit installations (#1073544)\n\n - fixed IPADDRESS value length in Python bindings (#1100099)\n\n - fixed hrStorageTable to contain 31 bits integers (#1104293)\n\n - fixed links to developer man pages (#1119567)\n\n - fixed storageUseNFS functionality in hrStorageTable (#1125793)\n\n - fixed netsnmp_set Python bindings call truncating at the first '\\000' character (#1126914)\n\n - fixed log level of SMUX messages (#1140234)\n\n - use python/README to net-snmp-python subpackage (#1157373)\n\n - fixed forwarding of traps with RequestID=0 in snmptrapd (#1146948)\n\n - fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)\n\n - fixed close overhead of extend commands (#1188295)\n\n - fixed lmSensorsTable not reporting sensors with duplicate names (#967871)\n\n - fixed hrDeviceTable with interfaces with large ifIndex (#1195547)\n\n - added 'diskio' option to snmpd.conf, it's possible to monitor only selected devices in diskIOTable (#990674)\n\n - fixed CVE-2014-2284: denial of service flaw in Linux implementation of ICMP-MIB (#1073223)\n\n - added cache to hrSWRunTable to provide consistent results (#1007634)\n\n - skip 'mvfs' (ClearCase) when skipNFSInHostResources is enabled (#1073237)\n\n - fixed snmptrapd crashing on forwarding SNMPv3 traps (#1131844)\n\n - fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)\n\n - fixed snmp daemons and utilities crashing in FIPS mode (#1001830)\n\n - added support of btrfs filesystem in hrStorageTable (#1006706)\n\n - fixed issues found by static analysis tools\n\n - restored ABI of read_configs_* functions\n\n - fixed parsing of bulk responses (#983116)\n\n - added support of vzfs filesystem in hrStorageTable (#989498)\n\n - fixed endless loop when parsing sendmail configuration file with queue groups (#991213)\n\n - fixed potential memory leak on realloc failure when processing 'extend' option (#893119)\n\n - added precise enumeration of configuration files searched to snmp_config(5) man page (#907571)\n\n - set permissions of snmpd.conf and snmptrapd conf to 0600 (#919239)\n\n - fixed kernel threads in hrSWRunTable (#919952)\n\n - fixed various error codes in Python module (#955771)\n\n - fixed snmpd crashing in the middle of agentx request processing when a subagent disconnects (#955511)\n\n - allow 'includeFile' and 'includeDir' options in configuration files (#917816)\n\n - fixed netlink message size (#927474)\n\n - fixed IF-MIB::ifSpeedHi on systems with non-standard interface speeds (#947973)\n\n - fixed BRIDGE-MIB::dot1dBasePortTable not to include the bridge itself as a port (#960568)\n\n - fixed snmpd segfault when 'agentaddress' configuration options is used and too many SIGHUP signals are received (#968898)\n\n - updated UCD-SNMP-MIB::dskTable to dynamically add/remove disks if 'includeAllDisks' is specified in snmpd.conf (#922691)\n\n - fixed crash when parsing invalid SNMP packets (#953926)\n\n - fixed snmpd crashing with 'exec' command with no arguments in snmpd.conf (#919259)", "modified": "2018-07-24T00:00:00", "id": "ORACLEVM_OVMSA-2015-0099.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85140", "published": "2015-07-31T00:00:00", "title": "OracleVM 3.3 : net-snmp (OVMSA-2015-0099)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0099.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85140);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2014-2284\", \"CVE-2014-3565\");\n script_bugtraq_id(65867, 69477);\n\n script_name(english:\"OracleVM 3.3 : net-snmp (OVMSA-2015-0099)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Add Oracle ACFS to hrStorage (John Haxby) [orabug\n 18510373]\n\n - Quicker loading of IP-MIB::ipAddrTable (#1191393)\n\n - Quicker loading of IP-MIB::ipAddressTable (#1191393)\n\n - Fixed snmptrapd crash when '-OQ' parameter is used and\n invalid trap is received (#CVE-2014-3565)\n\n - added faster caching into IP-MIB::ipNetToMediaTable\n (#789500)\n\n - fixed compilation with '-Werror=format-security'\n (#1181994)\n\n - added clear error message when port specified in\n 'clientaddrr' config option cannot be bound (#886468)\n\n - fixed error check in IP-MIB::ipAddressTable (#1012430)\n\n - fixed agentx client crash on failed response (#1023570)\n\n - fixed dashes in net-snmp-config.h (#1034441)\n\n - fixed crash on monitor trigger (#1050970)\n\n - fixed 'netsnmp_assert 1 == new_val->high failed' message\n in system log (#1065210)\n\n - fixed parsing of 64bit counters from SMUX subagents\n (#1069046)\n\n - Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines\n with >100 CPUs (#1070075)\n\n - fixed net-snmp-create-v3-user to have the same content\n on 32 and 64bit installations (#1073544)\n\n - fixed IPADDRESS value length in Python bindings\n (#1100099)\n\n - fixed hrStorageTable to contain 31 bits integers\n (#1104293)\n\n - fixed links to developer man pages (#1119567)\n\n - fixed storageUseNFS functionality in hrStorageTable\n (#1125793)\n\n - fixed netsnmp_set Python bindings call truncating at the\n first '\\000' character (#1126914)\n\n - fixed log level of SMUX messages (#1140234)\n\n - use python/README to net-snmp-python subpackage\n (#1157373)\n\n - fixed forwarding of traps with RequestID=0 in snmptrapd\n (#1146948)\n\n - fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)\n\n - fixed close overhead of extend commands (#1188295)\n\n - fixed lmSensorsTable not reporting sensors with\n duplicate names (#967871)\n\n - fixed hrDeviceTable with interfaces with large ifIndex\n (#1195547)\n\n - added 'diskio' option to snmpd.conf, it's possible to\n monitor only selected devices in diskIOTable (#990674)\n\n - fixed CVE-2014-2284: denial of service flaw in Linux\n implementation of ICMP-MIB (#1073223)\n\n - added cache to hrSWRunTable to provide consistent\n results (#1007634)\n\n - skip 'mvfs' (ClearCase) when skipNFSInHostResources is\n enabled (#1073237)\n\n - fixed snmptrapd crashing on forwarding SNMPv3 traps\n (#1131844)\n\n - fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)\n\n - fixed snmp daemons and utilities crashing in FIPS mode\n (#1001830)\n\n - added support of btrfs filesystem in hrStorageTable\n (#1006706)\n\n - fixed issues found by static analysis tools\n\n - restored ABI of read_configs_* functions\n\n - fixed parsing of bulk responses (#983116)\n\n - added support of vzfs filesystem in hrStorageTable\n (#989498)\n\n - fixed endless loop when parsing sendmail configuration\n file with queue groups (#991213)\n\n - fixed potential memory leak on realloc failure when\n processing 'extend' option (#893119)\n\n - added precise enumeration of configuration files\n searched to snmp_config(5) man page (#907571)\n\n - set permissions of snmpd.conf and snmptrapd conf to 0600\n (#919239)\n\n - fixed kernel threads in hrSWRunTable (#919952)\n\n - fixed various error codes in Python module (#955771)\n\n - fixed snmpd crashing in the middle of agentx request\n processing when a subagent disconnects (#955511)\n\n - allow 'includeFile' and 'includeDir' options in\n configuration files (#917816)\n\n - fixed netlink message size (#927474)\n\n - fixed IF-MIB::ifSpeedHi on systems with non-standard\n interface speeds (#947973)\n\n - fixed BRIDGE-MIB::dot1dBasePortTable not to include the\n bridge itself as a port (#960568)\n\n - fixed snmpd segfault when 'agentaddress' configuration\n options is used and too many SIGHUP signals are received\n (#968898)\n\n - updated UCD-SNMP-MIB::dskTable to dynamically add/remove\n disks if 'includeAllDisks' is specified in snmpd.conf\n (#922691)\n\n - fixed crash when parsing invalid SNMP packets (#953926)\n\n - fixed snmpd crashing with 'exec' command with no\n arguments in snmpd.conf (#919259)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000349.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected net-snmp / net-snmp-libs / net-snmp-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:net-snmp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"net-snmp-5.5-54.0.1.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"net-snmp-libs-5.5-54.0.1.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"net-snmp-utils-5.5-54.0.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-libs / net-snmp-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:50", "bulletinFamily": "scanner", "description": "Updated net-snmp packages fix security vulnerabilities :\n\nRemotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects (CVE-2014-2284).\n\nRemotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled (CVE-2014-2285).\n\nA remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash (CVE-2014-3565).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2015-092.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82345", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : net-snmp (MDVSA-2015:092)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:092. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82345);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-2284\", \"CVE-2014-2285\", \"CVE-2014-3565\");\n script_xref(name:\"MDVSA\", value:\"2015:092\");\n\n script_name(english:\"Mandriva Linux Security Advisory : net-snmp (MDVSA-2015:092)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated net-snmp packages fix security vulnerabilities :\n\nRemotely exploitable denial of service vulnerability in Net-SNMP, in\nthe Linux implementation of the ICMP-MIB, making the SNMP agent\nvulnerable if it is making use of the ICMP-MIB table objects\n(CVE-2014-2284).\n\nRemotely exploitable denial of service vulnerability in Net-SNMP, in\nsnmptrapd, due to how it handles trap requests with an empty community\nstring when the perl handler is enabled (CVE-2014-2285).\n\nA remote denial-of-service flaw was found in the way snmptrapd handled\ncertain SNMP traps when started with the -OQ option. If an attacker\nsent an SNMP trap containing a variable with a NULL type where an\ninteger variable type was expected, it would cause snmptrapd to crash\n(CVE-2014-3565).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0122.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0371.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64net-snmp-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64net-snmp30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-tkmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-trapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-NetSNMP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-netsnmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64net-snmp-devel-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64net-snmp-static-devel-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64net-snmp30-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"net-snmp-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"net-snmp-mibs-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"net-snmp-tkmib-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"net-snmp-trapd-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"net-snmp-utils-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"perl-NetSNMP-5.7.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python-netsnmp-5.7.2-14.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "unix", "description": "[1:5.5-49.0.1.el6_5.1]\n- snmptrapd: Fix crash due to access of freed memory (John Haxby) [orabug 14404682]\n[1:5.5-49.1]\n- added 'diskio' option to snmpd.conf, it's possible to monitor only selected\n devices in diskIOTable (#990674)\n- fixed CVE-2014-2284: denial of service flaw in Linux implementation of\n ICMP-MIB (#1073222)", "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "ELSA-2014-0321", "href": "http://linux.oracle.com/errata/ELSA-2014-0321.html", "title": "net-snmp security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:51", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. ([CVE-2014-2284 __](<https://access.redhat.com/security/cve/CVE-2014-2284>))\n\n \n**Affected Packages:** \n\n\nnet-snmp\n\n \n**Issue Correction:** \nRun _yum update net-snmp_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n net-snmp-5.5-49.18.amzn1.i686 \n net-snmp-libs-5.5-49.18.amzn1.i686 \n net-snmp-utils-5.5-49.18.amzn1.i686 \n net-snmp-perl-5.5-49.18.amzn1.i686 \n net-snmp-devel-5.5-49.18.amzn1.i686 \n net-snmp-debuginfo-5.5-49.18.amzn1.i686 \n net-snmp-python-5.5-49.18.amzn1.i686 \n \n src: \n net-snmp-5.5-49.18.amzn1.src \n \n x86_64: \n net-snmp-debuginfo-5.5-49.18.amzn1.x86_64 \n net-snmp-python-5.5-49.18.amzn1.x86_64 \n net-snmp-perl-5.5-49.18.amzn1.x86_64 \n net-snmp-utils-5.5-49.18.amzn1.x86_64 \n net-snmp-devel-5.5-49.18.amzn1.x86_64 \n net-snmp-libs-5.5-49.18.amzn1.x86_64 \n net-snmp-5.5-49.18.amzn1.x86_64 \n \n \n", "modified": "2014-09-18T00:06:00", "published": "2014-09-18T00:06:00", "id": "ALAS-2014-316", "href": "https://alas.aws.amazon.com/ALAS-2014-316.html", "title": "Medium: net-snmp", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:052\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : net-snmp\r\n Date : March 13, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated net-snmp packages fix two vulnerabilities:\r\n \r\n Remotely exploitable denial of service vulnerability in Net-SNMP,\r\n in the Linux implementation of the ICMP-MIB, making the SNMP\r\n agent vulnerable if it is making use of the ICMP-MIB table objects\r\n &#40;CVE-2014-2284&#41;.\r\n \r\n Remotely exploitable denial of service vulnerability in Net-SNMP,\r\n in snmptrapd, due to how it handles trap requests with an empty\r\n community string when the perl handler is enabled &#40;CVE-2014-2285&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=\r\n http://advisories.mageia.org/MGASA-2014-0122.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 75e24feeb05a77c70995a9a1175da857 mbs1/x86_64/lib64net-snmp30-5.7.2-1.1.mbs1.x86_64.rpm\r\n 2eda4de0bd258d015818e0b18de62453 mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.1.mbs1.x86_64.rpm\r\n 280aa9c311cd4373fd0001ad0b1ac3b3 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.1.mbs1.x86_64.rpm\r\n e2e77246cbcf195d3842c029e3e17f80 mbs1/x86_64/net-snmp-5.7.2-1.1.mbs1.x86_64.rpm\r\n 832ac7ed2bbdc701173d3042d862f8b6 mbs1/x86_64/net-snmp-mibs-5.7.2-1.1.mbs1.x86_64.rpm\r\n dbde6cc67a4610c2d2a1aa23e30f2417 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.1.mbs1.x86_64.rpm\r\n 5c2a7541316aa4f4eddfe19fe04fd97f mbs1/x86_64/net-snmp-trapd-5.7.2-1.1.mbs1.x86_64.rpm\r\n 87162adb1b12d29070b53257ceeef286 mbs1/x86_64/net-snmp-utils-5.7.2-1.1.mbs1.x86_64.rpm\r\n 7e2681b068903c4e28dd5d31ca37ef70 mbs1/x86_64/perl-NetSNMP-5.7.2-1.1.mbs1.x86_64.rpm\r\n ed8bcbc6470482d1e78567d06e8e608a mbs1/x86_64/python-netsnmp-5.7.2-1.1.mbs1.x86_64.rpm \r\n 5c6e6b75f38386964efe4340b2436873 mbs1/SRPMS/net-snmp-5.7.2-1.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFTIV4rmqjQ0CJFipgRAgWkAJ45l7yEOU6KIy3ySIumvZB0eShVQwCfW1Bh\r\nzMDFEhf4YiB6foTD9u+uUPs=\r\n=STrP\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:DOC:30380", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30380", "title": "[ MDVSA-2014:052 ] net-snmp", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Few DoS conditions.", "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:VULN:13625", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13625", "title": "Net-SNMP DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "Multiple DoS conditions.", "modified": "2015-04-20T00:00:00", "published": "2015-04-20T00:00:00", "id": "SECURITYVULNS:VULN:14418", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14418", "title": "snmplib / snmpd DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:092\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : net-snmp\r\n Date : March 28, 2015\r\n Affected: Business Server 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated net-snmp packages fix security vulnerabilities:\r\n \r\n Remotely exploitable denial of service vulnerability in Net-SNMP,\r\n in the Linux implementation of the ICMP-MIB, making the SNMP\r\n agent vulnerable if it is making use of the ICMP-MIB table objects\r\n &#40;CVE-2014-2284&#41;.\r\n \r\n Remotely exploitable denial of service vulnerability in Net-SNMP,\r\n in snmptrapd, due to how it handles trap requests with an empty\r\n community string when the perl handler is enabled &#40;CVE-2014-2285&#41;.\r\n \r\n A remote denial-of-service flaw was found in the way snmptrapd handled\r\n certain SNMP traps when started with the -OQ option. If an attacker\r\n sent an SNMP trap containing a variable with a NULL type where an\r\n integer variable type was expected, it would cause snmptrapd to crash\r\n &#40;CVE-2014-3565&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565\r\n http://advisories.mageia.org/MGASA-2014-0122.html\r\n http://advisories.mageia.org/MGASA-2014-0371.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 2/X86_64:\r\n db108bc819bb011d352ac1be23005ae8 mbs2/x86_64/lib64net-snmp30-5.7.2-14.1.mbs2.x86_64.rpm\r\n 10d0754baaebe770c0accea30a4c570b mbs2/x86_64/lib64net-snmp-devel-5.7.2-14.1.mbs2.x86_64.rpm\r\n f3c20caeb88eee898508110847de93c1 mbs2/x86_64/lib64net-snmp-static-devel-5.7.2-14.1.mbs2.x86_64.rpm\r\n 85a8e55a06278248c6d55ed71781d4ae mbs2/x86_64/net-snmp-5.7.2-14.1.mbs2.x86_64.rpm\r\n dd6b3752ffc3abfa799752d6c68be260 mbs2/x86_64/net-snmp-mibs-5.7.2-14.1.mbs2.x86_64.rpm\r\n dff402077edcdbbbb43876ab37f17c63 mbs2/x86_64/net-snmp-tkmib-5.7.2-14.1.mbs2.x86_64.rpm\r\n e5dd0695599ce24250e9c56398ae708a mbs2/x86_64/net-snmp-trapd-5.7.2-14.1.mbs2.x86_64.rpm\r\n 73e35840936e48e76813ee9aa563e5db mbs2/x86_64/net-snmp-utils-5.7.2-14.1.mbs2.x86_64.rpm\r\n 3fcb54fc22046478a1f4fe25bfb3fbfc mbs2/x86_64/perl-NetSNMP-5.7.2-14.1.mbs2.x86_64.rpm\r\n f7faf7abe0cb4119a24aa1eb7b4e88e2 mbs2/x86_64/python-netsnmp-5.7.2-14.1.mbs2.x86_64.rpm \r\n 70325be4b29a38030ee30a1bea4c0a40 mbs2/SRPMS/net-snmp-5.7.2-14.1.mbs2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFVFnIkmqjQ0CJFipgRApj2AJ4siseZB35ENesBHXAJd354ztjc2wCg4i9a\r\nCVlceu1C+yhzzsfXCVXUd5g=\r\n=mTTW\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-04-20T00:00:00", "published": "2015-04-20T00:00:00", "id": "SECURITYVULNS:DOC:31950", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31950", "title": "[ MDVSA-2015:092 ] net-snmp", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2166-1\r\nApril 14, 2014\r\n\r\nnet-snmp vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nNet-SNMP could be made to crash if it received specially crafted network\r\ntraffic.\r\n\r\nSoftware Description:\r\n- net-snmp: SNMP &#40;Simple Network Management Protocol&#41; server and applications\r\n\r\nDetails:\r\n\r\nKen Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A\r\nremote attacker could use this issue to cause the server to crash or to\r\nhang, resulting in a denial of service. &#40;CVE-2012-6151&#41;\r\n\r\nIt was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A\r\nremote attacker could use this issue to cause the server to crash,\r\nresulting in a denial of service. This issue only affected Ubuntu 13.10.\r\n&#40;CVE-2014-2284&#41;\r\n\r\nViliam Pucik discovered that the Net-SNMP perl trap handler incorrectly\r\nhandled NULL arguments. A remote attacker could use this issue to cause the\r\nserver to crash, resulting in a denial of service. &#40;CVE-2014-2285&#41;\r\n\r\nIt was discovered that Net-SNMP incorrectly handled AgentX multi-object\r\nrequests. A remote attacker could use this issue to cause the server to\r\nhang, resulting in a denial of service. This issue only affected Ubuntu\r\n10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 12.10. &#40;CVE-2014-2310&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libsnmp30 5.7.2~dfsg-8ubuntu1.1\r\n\r\nUbuntu 12.10:\r\n libsnmp15 5.4.3~dfsg-2.5ubuntu1.1\r\n\r\nUbuntu 12.04 LTS:\r\n libsnmp15 5.4.3~dfsg-2.4ubuntu1.2\r\n\r\nUbuntu 10.04 LTS:\r\n libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2166-1\r\n CVE-2012-6151, CVE-2014-2284, CVE-2014-2285, CVE-2014-2310\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.7.2~dfsg-8ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.5ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/net-snmp/5.4.2.1~dfsg0ubuntu1-0ubuntu2.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30592", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30592", "title": "[USN-2166-1] Net-SNMP vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Multiple DoS conditions.", "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13725", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13725", "title": "Net-SNMP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:40", "bulletinFamily": "unix", "description": "Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. (CVE-2012-6151)\n\nIt was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2014-2284)\n\nViliam P\u00fa\u010dik discovered that the Net-SNMP perl trap handler incorrectly handled NULL arguments. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-2285)\n\nIt was discovered that Net-SNMP incorrectly handled AgentX multi-object requests. A remote attacker could use this issue to cause the server to hang, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2014-2310)", "modified": "2014-04-14T00:00:00", "published": "2014-04-14T00:00:00", "id": "USN-2166-1", "href": "https://usn.ubuntu.com/2166-1/", "title": "Net-SNMP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nNet-SNMP bundles software for generating and retrieving SNMP data.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could create a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll net-snmp users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=net-analyzer/net-snmp-5.7.3_pre3\"", "modified": "2014-09-01T00:00:00", "published": "2014-09-01T00:00:00", "id": "GLSA-201409-02", "href": "https://security.gentoo.org/glsa/201409-02", "type": "gentoo", "title": "Net-SNMP: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}