Solution
Please Install the Updated Packages.
Insight
These packages provide various libraries and tools for the Simple Network Management Protocol (SNMP).
An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the extend directive (/etc/snmp/snmpd.conf) could use this flaw to crash snmpd via a crafted SNMP GET request.
(CVE-2012-2141)
Bug fixes:
* Devices that used certain file systems were not reported in the "
HOST-RESOURCES-MIB::hrStorageTable"
table. As a result, the snmpd daemon
did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the 'HOST-RESOURCES-MIB::hrStorageTable' table.
(BZ#754652, BZ#755958, BZ#822061)
* The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the '-c' option. This update describes correctly that multiple configuration files must be separated by a comma.
(BZ#760001)
* Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. (BZ#783892)
Description truncated, for more information please check the Reference URL
Affected
net-snmp on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-2141 -
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P
Related Vulnerabilities