net-snmp-5.9.1-13.el9_4.3

エラータID: AXSA:2024-8863:05

Release date: 
Monday, September 30, 2024 - 10:42
Subject: 
net-snmp-5.9.1-13.el9_4.3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)
* : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)
* net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)
* net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)
* net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)
* net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24805
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24807
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24810
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Solution: 

Update packages.

CVEs: 
CVE-2022-24805
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24807
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24810
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
Additional Info: 

N/A

Download: 

SRPMS
  1. net-snmp-5.9.1-13.el9_4.3.src.rpm
    MD5: 1eeb128ed91ea76ede20bc34918fe924
    SHA-256: ac156ca42b71b7bd491abf44f360c32468057526f6d1b0d280b3cd22ebe4a53b
    Size: 6.48 MB

Asianux Server 9 for x86_64
  1. net-snmp-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: 71536c60b7615f594b651146d4c3bfc9
    SHA-256: 4b3e65381839773e2ad1d4e0636e9cf2dae5188afac80b5a6168f18e4b8c91c8
    Size: 309.06 kB
  2. net-snmp-agent-libs-5.9.1-13.el9_4.3.i686.rpm
    MD5: 78e5647bffe054cfe5b1c735bdc6c650
    SHA-256: f378083c843d1f1d7bc4bc17fe0b925ba471c245a90b971b9f0ae602bc1a2673
    Size: 708.58 kB
  3. net-snmp-agent-libs-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: 2656898ae4bb1db6940bdcff8ee99227
    SHA-256: 08ab81e04fbdee86c348d6d9f8b055242fe4e8a636ecbf729661e102d1d2ef11
    Size: 693.42 kB
  4. net-snmp-devel-5.9.1-13.el9_4.3.i686.rpm
    MD5: 2f86805cd49158f953a686a56470b18b
    SHA-256: 35ed947f61b05926f5e03c630a3c63e992e3100156aa638e84e1f5c742e3e208
    Size: 290.60 kB
  5. net-snmp-devel-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: 3ab6a50fe023453016a00f45846f9972
    SHA-256: a3559c965c2de074c3a8cc425db95bcb8fa8a5c39b6491341381495dfe4666ad
    Size: 290.58 kB
  6. net-snmp-libs-5.9.1-13.el9_4.3.i686.rpm
    MD5: 398a16f435501d1a6f564a93894acffb
    SHA-256: 3fbd30e6f37aae40f5d9e89458a65ec2a5f6796afa2754c3b891ab15e1f2321e
    Size: 776.96 kB
  7. net-snmp-libs-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: c138050192e237803f4872d85e3b27d0
    SHA-256: 7cbd5943028a9494f960c6e9e1a154504f02cc57eead044bfac41b0bc4989ab3
    Size: 758.55 kB
  8. net-snmp-perl-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: ef55758b329cfa1541441f9011aaa95f
    SHA-256: 37e5f0342b21b2ef6d3c7d1bdb939829f11a41f77fb2d4305a98df8999c867e6
    Size: 332.75 kB
  9. net-snmp-utils-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: f350404b49f999aedba2712e96e55ae2
    SHA-256: 057a8b63978c8066c8bdbf3c20dec084f4ac3ea02745f036785a8667d61caa04
    Size: 197.07 kB
  10. python3-net-snmp-5.9.1-13.el9_4.3.x86_64.rpm
    MD5: 409e1a7704e14119312743aa431aec81
    SHA-256: 1996dc7cafa4685a5dcf7c2baca83035d034b8ce08ec3b86654d139773f35e14
    Size: 48.37 kB