ID CVE-2012-2141
Summary Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
References
Vulnerable Configurations
  • Net-SNMP Net-SNMP 5.7.1
    cpe:2.3:a:net-snmp:net-snmp:5.7.1
CVSS
Base: 3.5 (as of 14-12-2015 - 12:47)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201409-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201409-02 (Net-SNMP: Denial of Service) Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77471
    published 2014-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77471
    title GLSA-201409-02 : Net-SNMP: Denial of Service
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_NET-SNMP_20141216.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. (CVE-2014-2285) - snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. (CVE-2014-3565)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80708
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80708
    title Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_2141_denial_of)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0124.NASL
    description From Red Hat Security Advisory 2013:0124 : Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. These packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) Bug fixes : * Devices that used certain file systems were not reported in the 'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table. (BZ#754652, BZ#755958, BZ#822061) * The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the '-c' option. This update describes correctly that multiple configuration files must be separated by a comma. (BZ#760001) * Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. (BZ#783892) * snmpd did not correctly check for interrupted system calls when enumerating existing IPv6 network prefixes during startup. 
As a consequence, snmpd could prematurely exit when receiving a signal during this enumeration. This update checks the network prefix enumeration code for interrupted system calls. Now, snmpd no longer terminates when a signal is received. (BZ#799699) * snmpd used the wrong length of COUNTER64 values in the AgentX protocol. As a consequence, snmpd could not decode two consecutive COUNTER64 values in one AgentX packet. This update uses the correct COUNTER64 size and can process two or more COUNTER64 values in AgentX communication. (BZ#803585) * snmpd ignored the '-e' parameter of the 'trapsess' option in the snmpd configuration file. As a result, outgoing traps were incorrectly sent with the default EngineID of snmpd when configuring 'trapsess' with an explicit EngineID. This update modifies the underlying code to send outgoing traps using the EngineID as specified in the 'trapsess -e' parameter in the configuration file. (BZ#805689) * snmpd did not correctly encode negative Request-IDs in outgoing requests, for example during trap operations. As a consequence, a 32-bit value could be encoded in 5 bytes instead of 4, and the outgoing requests were refused by certain implementations of the SNMP protocol as invalid. With this update, a Request-ID can no longer become negative and is always encoded in 4 bytes. (BZ#818259) * snmpd ignored the port number of the 'clientaddr' option when specifying the source address of outgoing SNMP requests. As a consequence, the system assigned a random address. This update allows specifying both the port number and the source IP address in the 'clientaddr' option. Now, administrators can increase security with firewall rules and Security-Enhanced Linux (SELinux) policies by configuring a specific source port of outgoing traps and other requests. (BZ#828691) * snmpd did not correctly process responses to internal queries when initializing monitoring enabled by the 'monitor' option in the '/etc/snmp/snmpd.conf' configuration file. 
As a consequence, snmpd was not fully initialized and the error message 'failed to run mteTrigger query' appeared in the system log 30 seconds after the snmpd startup. This update explicitly checks for responses to internal monitoring queries. (BZ#830042) Users of net-snmp should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68695
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68695
    title Oracle Linux 5 : net-snmp (ELSA-2013-0124)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5D85976A901111E1B5E0000C299B62E1.NASL
    description The Red Hat Security Response Team reports : An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subtree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 58889
    published 2012-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58889
    title FreeBSD : net-snmp -- Remote DoS (5d85976a-9011-11e1-b5e0-000c299b62e1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBSNMP15-120709.NASL
    description This update to net-snmp resolves the following issues : - Specially crafted SNMP GET requests could cause a denial of service (application crash) via a heap-based out-of-bounds read flaw which could be exploited remotely. (CVE-2012-2141) - The snmpd agent should read shared memory information from /proc/meminfo when running on Linux Kernel 2.6 or newer. (bnc#762887) - The snmpd agent could crash when an AgentX sub-agent disconnects in the middle of a request. (bnc#670789) - After rotating the net-snmp log file, use 'try-restart' to restart the daemon. Reloading with a SIGHUP signal may trigger crashes when dynamic modules (dlmod) are in use. (bnc#762433)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64194
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64194
    title SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-299.NASL
    description SNMP GET request involving a non-existent extension table entry could crash snmpd
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74638
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74638
    title openSUSE Security Update : net-snmp (openSUSE-SU-2012:0659-1)
  • NASL family Misc.
    NASL id CITRIX_NETSCALER_ADC_MULTIPLE.NASL
    description The remote Citrix NetScaler version is affected by multiple vulnerabilities : - A denial of service vulnerability in the VM Virtual Machine Daemon. Please note that this particular vulnerability does not apply to Citrix NetScaler 10.1. (CVE-2013-6938) - A denial of service vulnerability in the Application Delivery Controller RADIUS authentication. (CVE-2013-6939) - An authenticated denial of service in the SNMP daemon. (CVE-2012-2142) - An unspecified authentication disclosure in the Application Delivery Controller. (CVE-2013-6940) - An unspecified shell breakout in the Application Delivery Controller firmware. (CVE-2013-6941) - An unspecified LDAP username injection vulnerability in the Application Delivery Controller. (CVE-2013-6943) - A cross-site scripting vulnerability in the AAA TM vServer user interface. (CVE-2013-6944)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 73205
    published 2014-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73205
    title Citrix NetScaler Application Delivery Controller Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0876.NASL
    description From Red Hat Security Advisory 2012:0876 : Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) These updated net-snmp packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of net-snmp are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68556
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68556
    title Oracle Linux 6 : net-snmp (ELSA-2012-0876)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-97.NASL
    description An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69704
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69704
    title Amazon Linux AMI : net-snmp (ALAS-2012-97)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-099.NASL
    description A vulnerability has been discovered and corrected in net-snmp : An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry (CVE-2012-2141). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 59653
    published 2012-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59653
    title Mandriva Linux Security Advisory : net-snmp (MDVSA-2012:099)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NET-SNMP-8153.NASL
    description This update to net-snmp resolves the following issues : - Specially crafted SNMP GET requests could cause a denial of service (application crash) via a heap-based out-of-bounds read flaw which could be exploited remotely. (CVE-2012-2141) - After rotating the net-snmp log file, use 'try-restart' to restart the daemon. Reloading with a SIGHUP signal may trigger crashes when dynamic modules (dlmod) are in use. (bnc#762433)
    last seen 2019-02-21
    modified 2012-08-16
    plugin id 60060
    published 2012-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60060
    title SuSE 10 Security Update : net-snmp (ZYPP Patch Number 8153)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120620_NET_SNMP_ON_SL6_X.NASL
    description The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) These updated net-snmp packages also include numerous bug fixes. All users of net-snmp are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61342
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61342
    title Scientific Linux Security Update : net-snmp on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0876.NASL
    description Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) These updated net-snmp packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of net-snmp are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59592
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59592
    title RHEL 6 : net-snmp (RHSA-2012:0876)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0124.NASL
    description Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. These packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) Bug fixes : * Devices that used certain file systems were not reported in the 'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table. (BZ#754652, BZ#755958, BZ#822061) * The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the '-c' option. This update describes correctly that multiple configuration files must be separated by a comma. (BZ#760001) * Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. (BZ#783892) * snmpd did not correctly check for interrupted system calls when enumerating existing IPv6 network prefixes during startup. As a consequence, snmpd could prematurely exit when receiving a signal during this enumeration. 
This update checks the network prefix enumeration code for interrupted system calls. Now, snmpd no longer terminates when a signal is received. (BZ#799699) * snmpd used the wrong length of COUNTER64 values in the AgentX protocol. As a consequence, snmpd could not decode two consecutive COUNTER64 values in one AgentX packet. This update uses the correct COUNTER64 size and can process two or more COUNTER64 values in AgentX communication. (BZ#803585) * snmpd ignored the '-e' parameter of the 'trapsess' option in the snmpd configuration file. As a result, outgoing traps were incorrectly sent with the default EngineID of snmpd when configuring 'trapsess' with an explicit EngineID. This update modifies the underlying code to send outgoing traps using the EngineID as specified in the 'trapsess -e' parameter in the configuration file. (BZ#805689) * snmpd did not correctly encode negative Request-IDs in outgoing requests, for example during trap operations. As a consequence, a 32-bit value could be encoded in 5 bytes instead of 4, and the outgoing requests were refused by certain implementations of the SNMP protocol as invalid. With this update, a Request-ID can no longer become negative and is always encoded in 4 bytes. (BZ#818259) * snmpd ignored the port number of the 'clientaddr' option when specifying the source address of outgoing SNMP requests. As a consequence, the system assigned a random address. This update allows specifying both the port number and the source IP address in the 'clientaddr' option. Now, administrators can increase security with firewall rules and Security-Enhanced Linux (SELinux) policies by configuring a specific source port of outgoing traps and other requests. (BZ#828691) * snmpd did not correctly process responses to internal queries when initializing monitoring enabled by the 'monitor' option in the '/etc/snmp/snmpd.conf' configuration file. 
As a consequence, snmpd was not fully initialized and the error message 'failed to run mteTrigger query' appeared in the system log 30 seconds after the snmpd startup. This update explicitly checks for responses to internal monitoring queries. (BZ#830042) Users of net-snmp should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63407
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63407
    title RHEL 5 : net-snmp (RHSA-2013:0124)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1450-1.NASL
    description It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59254
    published 2012-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59254
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : net-snmp vulnerability (USN-1450-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0124.NASL
    description Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. These packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) Bug fixes : * Devices that used certain file systems were not reported in the 'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table. (BZ#754652, BZ#755958, BZ#822061) * The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the '-c' option. This update describes correctly that multiple configuration files must be separated by a comma. (BZ#760001) * Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. (BZ#783892) * snmpd did not correctly check for interrupted system calls when enumerating existing IPv6 network prefixes during startup. As a consequence, snmpd could prematurely exit when receiving a signal during this enumeration. 
This update checks the network prefix enumeration code for interrupted system calls. Now, snmpd no longer terminates when a signal is received. (BZ#799699) * snmpd used the wrong length of COUNTER64 values in the AgentX protocol. As a consequence, snmpd could not decode two consecutive COUNTER64 values in one AgentX packet. This update uses the correct COUNTER64 size and can process two or more COUNTER64 values in AgentX communication. (BZ#803585) * snmpd ignored the '-e' parameter of the 'trapsess' option in the snmpd configuration file. As a result, outgoing traps were incorrectly sent with the default EngineID of snmpd when configuring 'trapsess' with an explicit EngineID. This update modifies the underlying code to send outgoing traps using the EngineID as specified in the 'trapsess -e' parameter in the configuration file. (BZ#805689) * snmpd did not correctly encode negative Request-IDs in outgoing requests, for example during trap operations. As a consequence, a 32-bit value could be encoded in 5 bytes instead of 4, and the outgoing requests were refused by certain implementations of the SNMP protocol as invalid. With this update, a Request-ID can no longer become negative and is always encoded in 4 bytes. (BZ#818259) * snmpd ignored the port number of the 'clientaddr' option when specifying the source address of outgoing SNMP requests. As a consequence, the system assigned a random address. This update allows specifying both the port number and the source IP address in the 'clientaddr' option. Now, administrators can increase security with firewall rules and Security-Enhanced Linux (SELinux) policies by configuring a specific source port of outgoing traps and other requests. (BZ#828691) * snmpd did not correctly process responses to internal queries when initializing monitoring enabled by the 'monitor' option in the '/etc/snmp/snmpd.conf' configuration file. 
As a consequence, snmpd was not fully initialized and the error message 'failed to run mteTrigger query' appeared in the system log 30 seconds after the snmpd startup. This update explicitly checks for responses to internal monitoring queries. (BZ#830042) Users of net-snmp should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63569
    published 2013-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63569
    title CentOS 5 : net-snmp (CESA-2013:0124)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0876.NASL
    description Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) These updated net-snmp packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of net-snmp are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59927
    published 2012-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59927
    title CentOS 6 : net-snmp (CESA-2012:0876)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130108_NET_SNMP_ON_SL5_X.NASL
    description An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the 'extend' directive (in '/etc/snmp/snmpd.conf') could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) Bug fixes : - Devices that used certain file systems were not reported in the 'HOST-RESOURCES-MIB::hrStorageTable' table. As a result, the snmpd daemon did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table. - The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the '-c' option. This update describes correctly that multiple configuration files must be separated by a comma. - Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. - snmpd did not correctly check for interrupted system calls when enumerating existing IPv6 network prefixes during startup. As a consequence, snmpd could prematurely exit when receiving a signal during this enumeration. This update checks the network prefix enumeration code for interrupted system calls. Now, snmpd no longer terminates when a signal is received. - snmpd used the wrong length of COUNTER64 values in the AgentX protocol. As a consequence, snmpd could not decode two consecutive COUNTER64 values in one AgentX packet. This update uses the correct COUNTER64 size and can process two or more COUNTER64 values in AgentX communication. - snmpd ignored the '-e' parameter of the 'trapsess' option in the snmpd configuration file. 
As a result, outgoing traps were incorrectly sent with the default EngineID of snmpd when configuring 'trapsess' with an explicit EngineID. This update modifies the underlying code to send outgoing traps using the EngineID as specified in the 'trapsess -e' parameter in the configuration file. - snmpd did not correctly encode negative Request-IDs in outgoing requests, for example during trap operations. As a consequence, a 32-bit value could be encoded in 5 bytes instead of 4, and the outgoing requests were refused by certain implementations of the SNMP protocol as invalid. With this update, a Request-ID can no longer become negative and is always encoded in 4 bytes. - snmpd ignored the port number of the 'clientaddr' option when specifying the source address of outgoing SNMP requests. As a consequence, the system assigned a random address. This update allows specifying both the port number and the source IP address in the 'clientaddr' option. Now, administrators can increase security with firewall rules and Security-Enhanced Linux (SELinux) policies by configuring a specific source port of outgoing traps and other requests. - snmpd did not correctly process responses to internal queries when initializing monitoring enabled by the 'monitor' option in the '/etc/snmp/snmpd.conf' configuration file. As a consequence, snmpd was not fully initialized and the error message 'failed to run mteTrigger query' appeared in the system log 30 seconds after the snmpd startup. This update explicitly checks for responses to internal monitoring queries. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 63600
    published 2013-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63600
    title Scientific Linux Security Update : net-snmp on SL5.x i386/x86_64
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15883.NASL
    description Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. (CVE-2012-2141)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 79605
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79605
    title F5 Networks BIG-IP : Net-SNMP vulnerability (K15883)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-049.NASL
    description A vulnerability has been discovered and corrected in net-snmp : An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry (CVE-2012-2141). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66063
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66063
    title Mandriva Linux Security Advisory : net-snmp (MDVSA-2013:049)
redhat via4
advisories
  • bugzilla
    id 822480
    title move /var/lib/net-snmp from net-snmp to net-snmp-libs
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment net-snmp is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876005
        • comment net-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876006
      • AND
        • comment net-snmp-devel is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876013
        • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876014
      • AND
        • comment net-snmp-libs is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876015
        • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876016
      • AND
        • comment net-snmp-perl is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876007
        • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876008
      • AND
        • comment net-snmp-python is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876009
        • comment net-snmp-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876010
      • AND
        • comment net-snmp-utils is earlier than 1:5.5-41.el6
          oval oval:com.redhat.rhsa:tst:20120876011
        • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120876012
    rhsa
    id RHSA-2012:0876
    released 2012-06-20
    severity Moderate
    title RHSA-2012:0876: net-snmp security and bug fix update (Moderate)
  • bugzilla
    id 840861
    title cannot bind to the specified port
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment net-snmp is earlier than 1:5.3.2.2-20.el5
          oval oval:com.redhat.rhsa:tst:20130124002
        • comment net-snmp is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045020
      • AND
        • comment net-snmp-devel is earlier than 1:5.3.2.2-20.el5
          oval oval:com.redhat.rhsa:tst:20130124006
        • comment net-snmp-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045022
      • AND
        • comment net-snmp-libs is earlier than 1:5.3.2.2-20.el5
          oval oval:com.redhat.rhsa:tst:20130124004
        • comment net-snmp-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045026
      • AND
        • comment net-snmp-perl is earlier than 1:5.3.2.2-20.el5
          oval oval:com.redhat.rhsa:tst:20130124010
        • comment net-snmp-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045024
      • AND
        • comment net-snmp-utils is earlier than 1:5.3.2.2-20.el5
          oval oval:com.redhat.rhsa:tst:20130124008
        • comment net-snmp-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045028
    rhsa
    id RHSA-2013:0124
    released 2013-01-08
    severity Moderate
    title RHSA-2013:0124: net-snmp security and bug fix update (Moderate)
rpms
  • net-snmp-1:5.5-41.el6
  • net-snmp-devel-1:5.5-41.el6
  • net-snmp-libs-1:5.5-41.el6
  • net-snmp-perl-1:5.5-41.el6
  • net-snmp-python-1:5.5-41.el6
  • net-snmp-utils-1:5.5-41.el6
  • net-snmp-1:5.3.2.2-20.el5
  • net-snmp-devel-1:5.3.2.2-20.el5
  • net-snmp-libs-1:5.3.2.2-20.el5
  • net-snmp-perl-1:5.3.2.2-20.el5
  • net-snmp-utils-1:5.3.2.2-20.el5
refmap via4
bid
  • 53255
  • 53258
confirm http://support.citrix.com/article/CTX139049
gentoo GLSA-201409-02
misc https://bugzilla.redhat.com/show_bug.cgi?id=815813
mlist
  • [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
  • [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
sectrack 1026984
secunia
  • 48938
  • 59974
xf netsnmp-snmpget-dos(75169)
Last major update 13-09-2014 - 01:01
Published 14-08-2012 - 18:55
Last modified 28-08-2017 - 21:31