Vulnerabilities > CVE-2018-1000116 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

net-snmp

debian

CWE-787

critical

nessus

NVD

Published: 2018-03-07

Updated: 2020-08-24

Summary

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.

Vulnerable Configurations

Part	Description	Count
Application	Net-Snmp NET Snmp NET Snmp 5.7.2	1
OS	Debian Debian Debian Linux 7.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0037.NASL
description	An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111297
published	2018-07-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111297
title	Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111297); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-12627", "CVE-2017-18207", "CVE-2018-1303", "CVE-2018-2573", "CVE-2018-2583", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2703", "CVE-2018-6594", "CVE-2018-6951", "CVE-2018-7208", "CVE-2018-7549", "CVE-2018-7643", "CVE-2018-7738", "CVE-2018-7750", "CVE-2018-8740", "CVE-2018-1000030", "CVE-2018-1000116", "CVE-2018-1000117", "CVE-2018-1000132" ); script_bugtraq_id( 102678, 102681, 102682, 102704, 102706, 102708, 102709, 102710, 103044, 103077, 103219, 103264, 103367, 103466, 103522, 103713, 104527 ); script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-37 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-4.ph2", "binutils-debuginfo-2.30-4.ph2", "binutils-devel-2.30-4.ph2", "mercurial-4.5.3-1.ph2", "mercurial-debuginfo-4.5.3-1.ph2", "mysql-5.7.21-1.ph2", "mysql-debuginfo-5.7.21-1.ph2", "mysql-devel-5.7.21-1.ph2", "net-snmp-5.7.3-8.ph2", "net-snmp-debuginfo-5.7.3-8.ph2", "net-snmp-devel-5.7.3-8.ph2", "paramiko-2.1.5-1.ph2", "patch-2.7.5-5.ph2", "patch-debuginfo-2.7.5-5.ph2", "pmd-python2-0.0.5-5.ph2", "pmd-python3-0.0.5-5.ph2", "pycrypto-2.6.1-4.ph2", "pycrypto-debuginfo-2.6.1-4.ph2", "python2-2.7.13-12.ph2", "python2-debuginfo-2.7.13-12.ph2", "python2-devel-2.7.13-12.ph2", "python2-libs-2.7.13-12.ph2", "python2-test-2.7.13-12.ph2", "python2-tools-2.7.13-12.ph2", "python3-3.6.5-1.ph2", "python3-curses-3.6.5-1.ph2", "python3-debuginfo-3.6.5-1.ph2", "python3-devel-3.6.5-1.ph2", "python3-libs-3.6.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-pip-3.6.5-1.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-setuptools-3.6.5-1.ph2", "python3-test-3.6.5-1.ph2", "python3-tools-3.6.5-1.ph2", "python3-xml-3.6.5-1.ph2", "sqlite-3.22.0-2.ph2", "sqlite-debuginfo-3.22.0-2.ph2", "sqlite-devel-3.22.0-2.ph2", "sqlite-libs-3.22.0-2.ph2", "util-linux-2.32-1.ph2", "util-linux-debuginfo-2.32-1.ph2", "util-linux-devel-2.32-1.ph2", "util-linux-lang-2.32-1.ph2", "util-linux-libs-2.32-1.ph2", "xerces-c-3.2.1-1.ph2", "xerces-c-debuginfo-3.2.1-1.ph2", "xerces-c-devel-3.2.1-1.ph2", "zsh-5.3.1-6.ph2", "zsh-debuginfo-5.3.1-6.ph2", "zsh-html-5.3.1-6.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1636.NASL
description	Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85464
published	2015-08-18
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85464
title	CentOS 6 / 7 : net-snmp (CESA-2015:1636)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1636 and # CentOS Errata and Security Advisory 2015:1636 respectively. # include("compat.inc"); if (description) { script_id(85464); script_version("2.8"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2015-5621", "CVE-2018-1000116"); script_xref(name:"RHSA", value:"2015:1636"); script_name(english:"CentOS 6 / 7 : net-snmp (CESA-2015:1636)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2015-August/021335.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?214d8632" ); # https://lists.centos.org/pipermail/centos-announce/2015-August/021338.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?41f6eed2" ); script_set_attribute( attribute:"solution", value:"Update the affected net-snmp packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5621"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-agent-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-sysvinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"net-snmp-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-devel-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-libs-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-perl-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-python-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"net-snmp-utils-5.5-54.el6_7.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-agent-libs-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-devel-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-gui-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-libs-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-perl-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-python-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-sysvinit-5.7.2-20.el7_1.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"net-snmp-utils-5.7.2-20.el7_1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp / net-snmp-agent-libs / net-snmp-devel / net-snmp-gui / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-AF3BE80746.NASL
description	Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120708
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120708
title	Fedora 28 : 1:net-snmp (2018-af3be80746)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-af3be80746. # include("compat.inc"); if (description) { script_id(120708); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1000116"); script_xref(name:"FEDORA", value:"2018-af3be80746"); script_name(english:"Fedora 28 : 1:net-snmp (2018-af3be80746)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-af3be80746" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:net-snmp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"net-snmp-5.7.3-36.fc28", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:net-snmp"); }

NASL family	CGI abuses
NASL id	DRAC_2018_03_20.NASL
description	The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.52.52.52 and is therefore affected by multiple vulnerabilities.
last seen	2020-05-21
modified	2018-04-20
plugin id	109208
published	2018-04-20
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109208
title	Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(109208); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2018-1207", "CVE-2018-1211", "CVE-2018-1000116"); script_bugtraq_id(103694, 103768); script_name(english:"Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)"); script_summary(english:"Checks the iDRAC version."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.52.52.52 and is therefore affected by multiple vulnerabilities."); # http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6063b726"); script_set_attribute(attribute:"solution", value: "Update the iDRAC firmware to 2.52.52.52 or higher."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1207"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:remote_access_card"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac7"); script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac8"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("drac_detect.nasl"); script_require_keys("installed_sw/iDRAC"); script_require_ports("Services/www", 443); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); app = "iDRAC"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:443, embedded:TRUE); install = get_single_install( app_name : app, port : port, exit_if_unknown_ver : TRUE ); dir = install['path']; version = install['version']; fw_version = install['Firmware Version']; install_url = build_url(port:port, qs:dir); if (version !~ "^(7\|8)") audit(AUDIT_WRONG_WEB_SERVER, port, "Neither iDRAC7 nor iDRAC8 and therefore is not affected"); fix = '2.52.52.52'; if(ver_compare(ver:fw_version, fix:"1.0", strict:FALSE) >= 1 && ver_compare(ver:fw_version, fix:fix, strict:FALSE) == -1) { items = make_array( "URL", install_url, "iDRAC version", version, "Firmware version", fw_version, "Fixed version", fix ); order = make_list("URL", "iDRAC version", "Firmware version", "Fixed version"); report = report_items_str(report_items:items, ordered_fields:order); security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); } else { audit(AUDIT_WEB_APP_NOT_AFFECTED, app + version, install_url, fw_version); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2316.NASL
description	According to the version of the net-snmp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131481
published	2019-12-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131481
title	EulerOS Virtualization for ARM 64 3.0.3.0 : net-snmp (EulerOS-SA-2019-2316)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131481); script_version("1.2"); script_cvs_date("Date: 2019/12/10"); script_cve_id( "CVE-2018-1000116" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : net-snmp (EulerOS-SA-2019-2316)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the net-snmp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2316 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2f6f8b42"); script_set_attribute(attribute:"solution", value: "Update the affected net-snmp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-agent-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["net-snmp-5.8-1.eulerosv2r8", "net-snmp-agent-libs-5.8-1.eulerosv2r8", "net-snmp-libs-5.8-1.eulerosv2r8", "net-snmp-utils-5.8-1.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0126.NASL
description	An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111930
published	2018-08-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111930
title	Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111930); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-9022", "CVE-2017-9023", "CVE-2017-12627", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-18207", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-2573", "CVE-2018-2583", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2703", "CVE-2018-6594", "CVE-2018-6951", "CVE-2018-7208", "CVE-2018-7643", "CVE-2018-7750", "CVE-2018-8740", "CVE-2018-1000116", "CVE-2018-1000117", "CVE-2018-1000132" ); script_name(english:"Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-126 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22ce6999"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-3.ph1", "binutils-debuginfo-2.30-3.ph1", "binutils-devel-2.30-3.ph1", "httpd-2.4.33-1.ph1", "httpd-debuginfo-2.4.33-1.ph1", "httpd-devel-2.4.33-1.ph1", "httpd-docs-2.4.33-1.ph1", "httpd-tools-2.4.33-1.ph1", "mercurial-4.5.3-1.ph1", "mercurial-debuginfo-4.5.3-1.ph1", "mysql-5.7.21-1.ph1", "mysql-debuginfo-5.7.21-1.ph1", "mysql-devel-5.7.21-1.ph1", "net-snmp-5.7.3-5.ph1", "net-snmp-debuginfo-5.7.3-5.ph1", "net-snmp-devel-5.7.3-5.ph1", "paramiko-1.17.6-1.ph1", "patch-2.7.5-3.ph1", "patch-debuginfo-2.7.5-3.ph1", "pycrypto-2.6.1-5.ph1", "pycrypto-debuginfo-2.6.1-5.ph1", "python3-3.5.4-2.ph1", "python3-debuginfo-3.5.4-2.ph1", "python3-devel-3.5.4-2.ph1", "python3-libs-3.5.4-2.ph1", "python3-paramiko-1.17.6-1.ph1", "python3-pycrypto-2.6.1-5.ph1", "python3-tools-3.5.4-2.ph1", "sqlite-autoconf-3.22.0-2.ph1", "sqlite-autoconf-debuginfo-3.22.0-2.ph1", "strongswan-5.5.2-1.ph1", "strongswan-debuginfo-5.5.2-1.ph1", "xerces-c-3.2.1-1.ph1", "xerces-c-debuginfo-3.2.1-1.ph1", "xerces-c-devel-3.2.1-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / httpd / mercurial / mysql / net / paramiko / patch / pycrypto / python3 / sqlite / strongswan / xerces"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0126_NET.NASL
description	An update of the net package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121825
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121825
title	Photon OS 1.0: Net PHSA-2018-1.0-0126
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121825); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2018-1000116"); script_name(english:"Photon OS 1.0: Net PHSA-2018-1.0-0126"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the net package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-126.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-5.7.3-5.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-debuginfo-5.7.3-5.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"net-snmp-devel-5.7.3-5.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1636.NASL
description	From Red Hat Security Advisory 2015:1636 : Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85492
published	2015-08-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85492
title	Oracle Linux 6 / 7 : net-snmp (ELSA-2015-1636)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1636.NASL
description	Updated net-snmp packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621) Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for reporting this issue. All net-snmp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	85497
published	2015-08-18
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85497
title	RHEL 6 / 7 : net-snmp (RHSA-2015:1636)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-5A5F51753C.NASL
description	Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-21
plugin id	108499
published	2018-03-21
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108499
title	Fedora 26 : 1:net-snmp (2018-5a5f51753c)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-D64806CA1D.NASL
description	Security fix for CVE-2018-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-14
plugin id	108312
published	2018-03-14
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108312
title	Fedora 27 : 1:net-snmp (2018-d64806ca1d)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4154.NASL
description	A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.
last seen	2020-06-01
modified	2020-06-02
plugin id	108696
published	2018-03-29
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108696
title	Debian DSA-4154-1 : net-snmp - security update

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1317.NASL
description	It was discovered that there was a heap corruption vulnerability in the net-snmp framework which exchanges server management information in a network. For Debian 7 'Wheezy', this issue has been fixed in net-snmp version 5.7.2.1+dfsg-1+deb8u1. We recommend that you upgrade your net-snmp packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2018-03-30
modified	2018-03-29
plugin id	108607
published	2018-03-27
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=108607
title	Debian DLA-1317-1 : net-snmp security update

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1436.NASL
description	According to the versions of the net-snmp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2018-1000116) - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2018-18066) - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.(CVE-2015-5621) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124939
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124939
title	EulerOS Virtualization 3.0.1.0 : net-snmp (EulerOS-SA-2019-1436)

Redhat

advisories

bugzilla

id	1212408
title	CVE-2015-5621 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment net-snmp-libs is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636001
comment net-snmp-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150004
AND
comment net-snmp-utils is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636003
comment net-snmp-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150002
AND
comment net-snmp is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636005
comment net-snmp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150010
AND
comment net-snmp-devel is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636007
comment net-snmp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150008

AND

comment net-snmp-python is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636009
comment net-snmp-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150006

AND
comment net-snmp-perl is earlier than 1:5.5-54.el6_7.1
oval oval:com.redhat.rhsa:tst:20151636011
comment net-snmp-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150012

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment net-snmp-devel is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636014
comment net-snmp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150008

AND

comment net-snmp-agent-libs is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636015
comment net-snmp-agent-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151636016

AND
comment net-snmp-libs is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636017
comment net-snmp-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150004

AND

comment net-snmp-utils is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636018
comment net-snmp-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150002

AND
comment net-snmp is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636019
comment net-snmp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150010
AND
comment net-snmp-gui is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636020
comment net-snmp-gui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151636021

AND

comment net-snmp-python is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636022
comment net-snmp-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150006

AND
comment net-snmp-perl is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636023
comment net-snmp-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20131150012

AND

comment net-snmp-sysvinit is earlier than 1:5.7.2-20.el7_1.1
oval oval:com.redhat.rhsa:tst:20151636024
comment net-snmp-sysvinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151636025

rhsa

id	RHSA-2015:1636
released	2015-08-17
severity	Moderate
title	RHSA-2015:1636: net-snmp security update (Moderate)

rpms

net-snmp-1:5.5-54.el6_7.1
net-snmp-1:5.7.2-20.ael7b_1.1
net-snmp-1:5.7.2-20.el7_1.1
net-snmp-agent-libs-1:5.7.2-20.ael7b_1.1
net-snmp-agent-libs-1:5.7.2-20.el7_1.1
net-snmp-debuginfo-1:5.5-54.el6_7.1
net-snmp-debuginfo-1:5.7.2-20.ael7b_1.1
net-snmp-debuginfo-1:5.7.2-20.el7_1.1
net-snmp-devel-1:5.5-54.el6_7.1
net-snmp-devel-1:5.7.2-20.ael7b_1.1
net-snmp-devel-1:5.7.2-20.el7_1.1
net-snmp-gui-1:5.7.2-20.ael7b_1.1
net-snmp-gui-1:5.7.2-20.el7_1.1
net-snmp-libs-1:5.5-54.el6_7.1
net-snmp-libs-1:5.7.2-20.ael7b_1.1
net-snmp-libs-1:5.7.2-20.el7_1.1
net-snmp-perl-1:5.5-54.el6_7.1
net-snmp-perl-1:5.7.2-20.ael7b_1.1
net-snmp-perl-1:5.7.2-20.el7_1.1
net-snmp-python-1:5.5-54.el6_7.1
net-snmp-python-1:5.7.2-20.ael7b_1.1
net-snmp-python-1:5.7.2-20.el7_1.1
net-snmp-sysvinit-1:5.7.2-20.ael7b_1.1
net-snmp-sysvinit-1:5.7.2-20.el7_1.1
net-snmp-utils-1:5.5-54.el6_7.1
net-snmp-utils-1:5.7.2-20.ael7b_1.1
net-snmp-utils-1:5.7.2-20.el7_1.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References