Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2022-202-01
HistoryJul 21, 2022 - 6:23 p.m.

[slackware-security] net-snmp

2022-07-2118:23:54
Slackware Linux Project
www.slackware.com
21

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

New net-snmp packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/net-snmp-5.9.3-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
an out-of-bounds memory access.
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
pointer dereference.
Improper Input Validation when SETing malformed OIDs in master agent and
subagent simultaneously.
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
can cause an out-of-bounds memory access.
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
NULL pointer dereference.
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
dereference.
For more information, see:
https://vulners.com/cve/CVE-2022-24805
https://vulners.com/cve/CVE-2022-24809
https://vulners.com/cve/CVE-2022-24806
https://vulners.com/cve/CVE-2022-24807
https://vulners.com/cve/CVE-2022-24808
https://vulners.com/cve/CVE-2022-24810
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/net-snmp-5.9.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/net-snmp-5.9.3-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/net-snmp-5.9.3-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
05b8aad483941e2587cff66fa357fa08 net-snmp-5.9.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
5beebc819894c94bedbc531d47cfe497 net-snmp-5.9.3-x86_64-1_slack15.0.txz

Slackware -current package:
64a9d688e3b36d1635c201b36c2de2d3 n/net-snmp-5.9.3-i586-1.txz

Slackware x86_64 -current package:
c2c0fdd59ad729ba15037a15c0aaca02 n/net-snmp-5.9.3-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg net-snmp-5.9.3-i586-1_slack15.0.txz

Related

nessus 22
gentoo 1
debian 2
osv 10
ubuntu 2
fedora 1
amazon 1
mageia 1
photon 2
ubuntucve 6
redhatcve 6
debiancve 6
veracode 3
alpinelinux 6
cve 6
nessus
nessus
EulerOS 2.0 SP8 : net-snmp (EulerOS-SA-2022-2474)
2022-10-09 00:00:00
Debian DSA-5209-1 : net-snmp - security update
2022-08-17 00:00:00
Amazon Linux 2 : net-snmp (ALAS-2023-2366)
2023-12-04 00:00:00
gentoo
gentoo
Net-SNMP: Multiple Vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DLA 3088-1] net-snmp security update
2022-08-30 21:26:32
[SECURITY] [DSA 5209-1] net-snmp security update
2022-08-16 20:06:51
osv
osv
net-snmp - security update
2022-08-16 00:00:00
net-snmp vulnerabilities
2022-08-01 14:24:47
net-snmp - security update
2022-08-30 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2022-08-01 00:00:00
Net-SNMP vulnerabilities
2023-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: net-snmp-5.9.3-1.fc36
2022-08-09 01:25:47
amazon
amazon
Medium: net-snmp
2023-11-29 22:20:00
mageia
mageia
Updated net-snmp packages fix security vulnerability
2022-08-29 08:07:41
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0590
2023-06-01 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0401
2023-06-02 00:00:00
ubuntucve
ubuntucve
CVE-2022-24809
2022-07-08 00:00:00
CVE-2022-24808
2022-07-08 00:00:00
CVE-2022-24810
2022-07-08 00:00:00
redhatcve
redhatcve
CVE-2022-24809
2022-07-01 17:56:41
CVE-2022-24810
2022-07-01 17:56:47
CVE-2022-24808
2022-07-01 17:56:37
debiancve
debiancve
CVE-2022-24809
2024-04-16 20:15:09
CVE-2022-24810
2024-04-16 20:15:09
CVE-2022-24808
2024-04-16 20:15:08
veracode
veracode
NULL Pointer Dereference
2022-07-25 08:48:14
Denial Of Service (DoS)
2022-07-25 09:59:51
Out-Of-Bounds Write
2022-07-25 10:12:24
alpinelinux
alpinelinux
CVE-2022-24810
2024-04-16 20:15:09
CVE-2022-24809
2024-04-16 20:15:09
CVE-2022-24808
2024-04-16 20:15:08
cve
cve
CVE-2022-24809
2024-04-16 20:15:09
CVE-2022-24810
2024-04-16 20:15:09
CVE-2022-24805
2024-04-16 20:15:07

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON
Related for SSA-2022-202-01
nessus22gentoo1debian2osv10ubuntu2fedora1amazon1mageia1photon2ubuntucve6redhatcve6debiancve6veracode3alpinelinux6cve6