net-snmp-5.3.2.2-22.1.0.1.AXS3
エラータID: AXSA:2014-232:01
リリース日:
2014/04/10 Thursday - 18:58
題名:
net-snmp-5.3.2.2-22.1.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Net-SNMP は AgentX が MIB を処理するように登録し,GETNEXT リクエストを処理している際に,AgentX サブエージェントがタイムアウトを引き起こすことによって,リモートの攻撃者がサービス拒否 (クラッシュあるいは無限ループ,CPU 消費とハング) を引き起こす脆弱性があります。(CVE-2012-6151)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-6151
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
CVE-2014-2285
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
追加情報:
N/A
ダウンロード:
SRPMS
- net-snmp-5.3.2.2-22.1.0.1.AXS3.src.rpm
MD5: a7b8a6f3b069fefe925204992e4899ac
SHA-256: 4d39fdb996d31a18d04a2c8ffd16a06ee505d7826f197ed98907954e2d43604c
Size: 4.51 MB
Asianux Server 3 for x86
- net-snmp-5.3.2.2-22.1.0.1.AXS3.i386.rpm
MD5: fd1b620acc9ed80a8b6d7b2ffbad0d7d
SHA-256: 9368635f8c4668a29efb59c385968553d1a826a29b3033575aea33e6424b4cc2
Size: 704.74 kB - net-snmp-devel-5.3.2.2-22.1.0.1.AXS3.i386.rpm
MD5: 009f507e5cbf64fcc7e6fc409212432a
SHA-256: c5c817270a07d25bb173c29167fbfe171caf883d994f51c062d208477b072ffb
Size: 1.93 MB - net-snmp-libs-5.3.2.2-22.1.0.1.AXS3.i386.rpm
MD5: 9e455f1c73946ddb51ab2db4e04e9cb7
SHA-256: 3994bc25d1783d3555514f7b2a5d3c905a777f90e8348f6a0dba20eb56022a4d
Size: 1.28 MB - net-snmp-perl-5.3.2.2-22.1.0.1.AXS3.i386.rpm
MD5: 0dc6c56848a17f343be7bd865a2894ef
SHA-256: 3bd78cf4e549be297298b919d077d60d779c4f2b1ea657f46c5dce0a9272fc5e
Size: 204.51 kB - net-snmp-utils-5.3.2.2-22.1.0.1.AXS3.i386.rpm
MD5: 52486a9de6b5fd580a495f29f00d727c
SHA-256: bb286c950aa2916346ec314ffec50c042719c2173cf454e8372ab526d9c34763
Size: 193.14 kB
Asianux Server 3 for x86_64
- net-snmp-5.3.2.2-22.1.0.1.AXS3.x86_64.rpm
MD5: c3b24ba9e0498b1d22dd2fbe54aadd40
SHA-256: d0a55cf9f93b3678b46816569bff7a32494fa14790aab40ac4d2c26db266776c
Size: 708.20 kB - net-snmp-devel-5.3.2.2-22.1.0.1.AXS3.x86_64.rpm
MD5: f0e1511e0e3fa927e3521e3e3dd1e94c
SHA-256: 0363b3b3f36752739fec864196cc90ab4f140068dca660c5cccbd1d41bdac178
Size: 1.98 MB - net-snmp-libs-5.3.2.2-22.1.0.1.AXS3.x86_64.rpm
MD5: 1e25b2df43cc0bc383b407dc1f1ea744
SHA-256: 9c1e3ef3ab99e84fe25dcac2a4e3c3a3095f4694b154165e91a727c5f33b6d26
Size: 1.30 MB - net-snmp-perl-5.3.2.2-22.1.0.1.AXS3.x86_64.rpm
MD5: 074497aa6bd4f8194dc2d65cb0dc44d2
SHA-256: c0b383f08188e9b0dfd0fce8ecbe149c5e85d7c5ca9a1393cdd2a518e34bcd23
Size: 203.13 kB - net-snmp-utils-5.3.2.2-22.1.0.1.AXS3.x86_64.rpm
MD5: 8ede8a4eba622139c886e17e8aa9c593
SHA-256: 3a78bc7e98169c040af1c003fbf62d615c20cf6d285f88f186f564a3316a726a
Size: 193.28 kB