Sigurnosni propust paketa Net-SNMP

U radu programskog paketa Net-SNMP otkriven je sigurnosni propust koji je moguće iskoristiti udaljeno za izvođenje napada uskraćivanjem usluge (DoS).

Paket:	net-snmp 5.x
Operacijski sustavi:	Ubuntu Linux 8.04, Ubuntu Linux 10.04, Ubuntu Linux 11.04, Ubuntu Linux 11.10, Ubuntu Linux 12.04
Kritičnost:	2.8
Problem:	pogreška u programskoj funkciji
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-2141
Izvorni ID preporuke:	USN-1450-1
Izvor:	Ubuntu

Problem:
Propust je posljedica pogreške u funkciji "handle_nsExtendOutput2Table()" u datoteci (agent/mibgroup/agent/extend.c).
Posljedica:
Napadačima propust omogućuje izvođenje DoS (eng. Denial of Service) napada podmetanjem zlonamjerno oblikovanih SNMP GET zahtjeva.
Rješenje:
Svim korisnicima ranjivog paketa savjetuje se korištenje novih programskih rješenja.

Izvorni tekst preporuke

==========================================================================
Ubuntu Security Notice USN-1450-1
May 23, 2012

net-snmp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Net-SNMP could be made to crash if it received specially crafted network
traffic.

Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

It was discovered that Net-SNMP incorrectly performed entry lookups in the
extension table. A remote attacker could send a specially crafted request
and cause the SNMP server to crash, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libsnmp15                       5.4.3~dfsg-2.4ubuntu1.1

Ubuntu 11.10:
  libsnmp15                       5.4.3~dfsg-2.2ubuntu1.1

Ubuntu 11.04:
  libsnmp15                       5.4.3~dfsg-2ubuntu1.1

Ubuntu 10.04 LTS:
  libsnmp15                       5.4.2.1~dfsg0ubuntu1-0ubuntu2.2

Ubuntu 8.04 LTS:
  libsnmp15                       5.4.1~dfsg-4ubuntu4.4

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1450-1
  CVE-2012-2141

Package Information:
  https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.4ubuntu1.1
  https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2.2ubuntu1.1
  https://launchpad.net/ubuntu/+source/net-snmp/5.4.3~dfsg-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/net-snmp/5.4.2.1~dfsg0ubuntu1-0ubuntu2.2
  https://launchpad.net/ubuntu/+source/net-snmp/5.4.1~dfsg-4ubuntu4.4

Sigurnosni propust paketa Net-SNMP

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosni propust paketa Net-SNMP

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti