Security vulnerabilities in the net-snmp software package

  • OS details: LUB
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2166-1
April 14, 2014

net-snmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Net-SNMP could be made to crash if it received specially crafted network
traffic.

Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A
remote attacker could use this issue to cause the server to crash or to
hang, resulting in a denial of service. (CVE-2012-6151)

It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A
remote attacker could use this issue to cause the server to crash,
resulting in a denial of service. This issue only affected Ubuntu 13.10.
(CVE-2014-2284)

Viliam Púčik discovered that the Net-SNMP perl trap handler incorrectly
handled NULL arguments. A remote attacker could use this issue to cause the
server to crash, resulting in a denial of service. (CVE-2014-2285)

It was discovered that Net-SNMP incorrectly handled AgentX multi-object
requests. A remote attacker could use this issue to cause the server to
hang, resulting in a denial of service. This issue only affected Ubuntu
10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2014-2310)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libsnmp30 5.7.2~dfsg-8ubuntu1.1

Ubuntu 12.10:
libsnmp15 5.4.3~dfsg-2.5ubuntu1.1

Ubuntu 12.04 LTS:
libsnmp15 5.4.3~dfsg-2.4ubuntu1.2

Ubuntu 10.04 LTS:
libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2166-1
CVE-2012-6151, CVE-2014-2284, CVE-2014-2285, CVE-2014-2310

Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.7.2~dfsg-8ubuntu1.1
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.5ubuntu1.1
https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.2
https://launchpad.net/ubuntu/+source/net-snmp/5.4.2.1~dfsg0ubuntu1-0ubuntu2.3


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-04-0010-ADV
CVE: CVE-2012-6151 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310
Source ID: USN-2166-1
Product: net-snmp
Source: http://www.ubuntu.com