Vulnerabilities > CVE-2018-1000116 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0037.NASL description An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111297 published 2018-07-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111297 title Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111297); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-12627", "CVE-2017-18207", "CVE-2018-1303", "CVE-2018-2573", "CVE-2018-2583", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2703", "CVE-2018-6594", "CVE-2018-6951", "CVE-2018-7208", "CVE-2018-7549", "CVE-2018-7643", "CVE-2018-7738", "CVE-2018-7750", "CVE-2018-8740", "CVE-2018-1000030", "CVE-2018-1000116", "CVE-2018-1000117", "CVE-2018-1000132" ); script_bugtraq_id( 102678, 102681, 102682, 102704, 102706, 102708, 102709, 102710, 103044, 103077, 103219, 103264, 103367, 103466, 103522, 103713, 104527 ); script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-37 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-4.ph2", "binutils-debuginfo-2.30-4.ph2", "binutils-devel-2.30-4.ph2", "mercurial-4.5.3-1.ph2", "mercurial-debuginfo-4.5.3-1.ph2", "mysql-5.7.21-1.ph2", "mysql-debuginfo-5.7.21-1.ph2", "mysql-devel-5.7.21-1.ph2", "net-snmp-5.7.3-8.ph2", "net-snmp-debuginfo-5.7.3-8.ph2", "net-snmp-devel-5.7.3-8.ph2", "paramiko-2.1.5-1.ph2", "patch-2.7.5-5.ph2", "patch-debuginfo-2.7.5-5.ph2", "pmd-python2-0.0.5-5.ph2", "pmd-python3-0.0.5-5.ph2", "pycrypto-2.6.1-4.ph2", "pycrypto-debuginfo-2.6.1-4.ph2", "python2-2.7.13-12.ph2", "python2-debuginfo-2.7.13-12.ph2", "python2-devel-2.7.13-12.ph2", "python2-libs-2.7.13-12.ph2", "python2-test-2.7.13-12.ph2", "python2-tools-2.7.13-12.ph2", "python3-3.6.5-1.ph2", "python3-curses-3.6.5-1.ph2", "python3-debuginfo-3.6.5-1.ph2", "python3-devel-3.6.5-1.ph2", "python3-libs-3.6.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-pip-3.6.5-1.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-setuptools-3.6.5-1.ph2", "python3-test-3.6.5-1.ph2", "python3-tools-3.6.5-1.ph2", "python3-xml-3.6.5-1.ph2", "sqlite-3.22.0-2.ph2", "sqlite-debuginfo-3.22.0-2.ph2", "sqlite-devel-3.22.0-2.ph2", "sqlite-libs-3.22.0-2.ph2", "util-linux-2.32-1.ph2", "util-linux-debuginfo-2.32-1.ph2", "util-linux-devel-2.32-1.ph2", "util-linux-lang-2.32-1.ph2", "util-linux-libs-2.32-1.ph2", "xerces-c-3.2.1-1.ph2", "xerces-c-debuginfo-3.2.1-1.ph2", "xerces-c-devel-3.2.1-1.ph2", "zsh-5.3.1-6.ph2", "zsh-debuginfo-5.3.1-6.ph2", "zsh-html-5.3.1-6.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1636.NASL description Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 85464 published 2015-08-18 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85464 title CentOS 6 / 7 : net-snmp (CESA-2015:1636) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1636 and # CentOS Errata and Security Advisory 2015:1636 respectively. # include("compat.inc"); if (description) { script_id(85464); script_version("2.8"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2015-5621", "CVE-2018-1000116"); script_xref(name:"RHSA", value:"2015:1636"); script_name(english:"CentOS 6 / 7 : net-snmp (CESA-2015:1636)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2015-August/021335.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?214d8632" ); # https://lists.centos.org/pipermail/centos-announce/2015-August/021338.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?41f6eed2" ); script_set_attribute( attribute:"solution", value:"Update the affected net-snmp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5621"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-agent-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-sysvinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"net-snmp-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-devel-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-libs-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-perl-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-python-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-utils-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-agent-libs-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-devel-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-gui-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-libs-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-perl-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-python-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-sysvinit-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-utils-5.7.2-20.el7_1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp / net-snmp-agent-libs / net-snmp-devel / net-snmp-gui / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-AF3BE80746.NASL description Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120708 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120708 title Fedora 28 : 1:net-snmp (2018-af3be80746) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-af3be80746. # include("compat.inc"); if (description) { script_id(120708); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1000116"); script_xref(name:"FEDORA", value:"2018-af3be80746"); script_name(english:"Fedora 28 : 1:net-snmp (2018-af3be80746)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-af3be80746" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:net-snmp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"net-snmp-5.7.3-36.fc28", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:net-snmp"); }
NASL family CGI abuses NASL id DRAC_2018_03_20.NASL description The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.52.52.52 and is therefore affected by multiple vulnerabilities. last seen 2020-05-21 modified 2018-04-20 plugin id 109208 published 2018-04-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109208 title Dell iDRAC Products Multiple Vulnerabilities (Mar 2018) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(109208); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2018-1207", "CVE-2018-1211", "CVE-2018-1000116"); script_bugtraq_id(103694, 103768); script_name(english:"Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)"); script_summary(english:"Checks the iDRAC version."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.52.52.52 and is therefore affected by multiple vulnerabilities."); # http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6063b726"); script_set_attribute(attribute:"solution", value: "Update the iDRAC firmware to 2.52.52.52 or higher."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1207"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:remote_access_card"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac7"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac8"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("drac_detect.nasl"); script_require_keys("installed_sw/iDRAC"); script_require_ports("Services/www", 443); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); app = "iDRAC"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:443, embedded:TRUE); install = get_single_install( app_name : app, port : port, exit_if_unknown_ver : TRUE ); dir = install['path']; version = install['version']; fw_version = install['Firmware Version']; install_url = build_url(port:port, qs:dir); if (version !~ "^(7|8)") audit(AUDIT_WRONG_WEB_SERVER, port, "Neither iDRAC7 nor iDRAC8 and therefore is not affected"); fix = '2.52.52.52'; if(ver_compare(ver:fw_version, fix:"1.0", strict:FALSE) >= 1 && ver_compare(ver:fw_version, fix:fix, strict:FALSE) == -1) { items = make_array( "URL", install_url, "iDRAC version", version, "Firmware version", fw_version, "Fixed version", fix ); order = make_list("URL", "iDRAC version", "Firmware version", "Fixed version"); report = report_items_str(report_items:items, ordered_fields:order); security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); } else { audit(AUDIT_WEB_APP_NOT_AFFECTED, app + version, install_url, fw_version); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2316.NASL description According to the version of the net-snmp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131481 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131481 title EulerOS Virtualization for ARM 64 3.0.3.0 : net-snmp (EulerOS-SA-2019-2316) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131481); script_version("1.2"); script_cvs_date("Date: 2019/12/10"); script_cve_id( "CVE-2018-1000116" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : net-snmp (EulerOS-SA-2019-2316)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the net-snmp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2316 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2f6f8b42"); script_set_attribute(attribute:"solution", value: "Update the affected net-snmp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-agent-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["net-snmp-5.8-1.eulerosv2r8", "net-snmp-agent-libs-5.8-1.eulerosv2r8", "net-snmp-libs-5.8-1.eulerosv2r8", "net-snmp-utils-5.8-1.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0126.NASL description An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111930 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111930 title Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111930); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-9022", "CVE-2017-9023", "CVE-2017-12627", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-18207", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-2573", "CVE-2018-2583", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2703", "CVE-2018-6594", "CVE-2018-6951", "CVE-2018-7208", "CVE-2018-7643", "CVE-2018-7750", "CVE-2018-8740", "CVE-2018-1000116", "CVE-2018-1000117", "CVE-2018-1000132" ); script_name(english:"Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-126 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22ce6999"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-3.ph1", "binutils-debuginfo-2.30-3.ph1", "binutils-devel-2.30-3.ph1", "httpd-2.4.33-1.ph1", "httpd-debuginfo-2.4.33-1.ph1", "httpd-devel-2.4.33-1.ph1", "httpd-docs-2.4.33-1.ph1", "httpd-tools-2.4.33-1.ph1", "mercurial-4.5.3-1.ph1", "mercurial-debuginfo-4.5.3-1.ph1", "mysql-5.7.21-1.ph1", "mysql-debuginfo-5.7.21-1.ph1", "mysql-devel-5.7.21-1.ph1", "net-snmp-5.7.3-5.ph1", "net-snmp-debuginfo-5.7.3-5.ph1", "net-snmp-devel-5.7.3-5.ph1", "paramiko-1.17.6-1.ph1", "patch-2.7.5-3.ph1", "patch-debuginfo-2.7.5-3.ph1", "pycrypto-2.6.1-5.ph1", "pycrypto-debuginfo-2.6.1-5.ph1", "python3-3.5.4-2.ph1", "python3-debuginfo-3.5.4-2.ph1", "python3-devel-3.5.4-2.ph1", "python3-libs-3.5.4-2.ph1", "python3-paramiko-1.17.6-1.ph1", "python3-pycrypto-2.6.1-5.ph1", "python3-tools-3.5.4-2.ph1", "sqlite-autoconf-3.22.0-2.ph1", "sqlite-autoconf-debuginfo-3.22.0-2.ph1", "strongswan-5.5.2-1.ph1", "strongswan-debuginfo-5.5.2-1.ph1", "xerces-c-3.2.1-1.ph1", "xerces-c-debuginfo-3.2.1-1.ph1", "xerces-c-devel-3.2.1-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / httpd / mercurial / mysql / net / paramiko / patch / pycrypto / python3 / sqlite / strongswan / xerces"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0126_NET.NASL description An update of the net package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121825 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121825 title Photon OS 1.0: Net PHSA-2018-1.0-0126 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121825); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2018-1000116"); script_name(english:"Photon OS 1.0: Net PHSA-2018-1.0-0126"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the net package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-126.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-5.7.3-5.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-debuginfo-5.7.3-5.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-devel-5.7.3-5.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1636.NASL description From Red Hat Security Advisory 2015:1636 : Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 85492 published 2015-08-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85492 title Oracle Linux 6 / 7 : net-snmp (ELSA-2015-1636) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1636.NASL description Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 85497 published 2015-08-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85497 title RHEL 6 / 7 : net-snmp (RHSA-2015:1636) NASL family Fedora Local Security Checks NASL id FEDORA_2018-5A5F51753C.NASL description Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108499 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108499 title Fedora 26 : 1:net-snmp (2018-5a5f51753c) NASL family Fedora Local Security Checks NASL id FEDORA_2018-D64806CA1D.NASL description Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-14 plugin id 108312 published 2018-03-14 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108312 title Fedora 27 : 1:net-snmp (2018-d64806ca1d) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4154.NASL description A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd. last seen 2020-06-01 modified 2020-06-02 plugin id 108696 published 2018-03-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108696 title Debian DSA-4154-1 : net-snmp - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1317.NASL description It was discovered that there was a heap corruption vulnerability in the net-snmp framework which exchanges server management information in a network. For Debian 7 'Wheezy', this issue has been fixed in net-snmp version 5.7.2.1+dfsg-1+deb8u1. We recommend that you upgrade your net-snmp packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2018-03-30 modified 2018-03-29 plugin id 108607 published 2018-03-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=108607 title Debian DLA-1317-1 : net-snmp security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1436.NASL description According to the versions of the net-snmp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2018-18066) - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2015-5621) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124939 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124939 title EulerOS Virtualization 3.0.1.0 : net-snmp (EulerOS-SA-2019-1436)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://lists.debian.org/debian-lts-announce/2018/03/msg00020.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00020.html
- https://sourceforge.net/p/net-snmp/bugs/2821/
- https://sourceforge.net/p/net-snmp/bugs/2821/
- https://www.debian.org/security/2018/dsa-4154
- https://www.debian.org/security/2018/dsa-4154