Otklonjen je nedostatak otkriven u radu programskog paketa net-snmp kojeg je udaljeni napadač mogao iskoristiti za izvođenje DoS napada.
| Paket: | net-snmp 5.x |
| Operacijski sustavi: | Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 2.8 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-2141 |
| Izvorni ID preporuke: | MDVSA-2012:099 |
| Izvor: | Mandriva |
| Problem: | |
| Propust je posljedica nepravilnosti pri traženju informacija o ulaznom podatku u tablici ekstenzija. |
|
| Posljedica: | |
| Navedeni propust moguće je iskoristiti za provođenje napada uskraćivanjem usluge. |
|
| Rješenje: | |
| Korisnicima se savjetuje prelazak na ispravljenu inačicu. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:099
http://www.mandriva.com/security/
_______________________________________________________________________
Package : net-snmp
Date : June 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in net-snmp:
An array index error, leading to out-of heap-based buffer read flaw
was found in the way net-snmp agent performed entries lookup in the
extension table. When certain MIB subtree was handled by the extend
directive, a remote attacker having read privilege to the subtree could
use this flaw to cause a denial of service (snmpd crash) via SNMP GET
request involving a non-existent extension table entry (CVE-2012-2141).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
549a715a24b4cfed186201abb88ab4c1
2010.1/i586/libnet-snmp20-5.5-7.1mdv2010.2.i586.rpm
dffee731e289b4c338c02ad8c85a0312
2010.1/i586/libnet-snmp-devel-5.5-7.1mdv2010.2.i586.rpm
ab2d140c9e9ee6a3ca05df9e4a1e65cb
2010.1/i586/libnet-snmp-static-devel-5.5-7.1mdv2010.2.i586.rpm
a78a283445d42add9164081350cb2e79
2010.1/i586/net-snmp-5.5-7.1mdv2010.2.i586.rpm
af747c2cd184b9cd0071320b71e23d62
2010.1/i586/net-snmp-mibs-5.5-7.1mdv2010.2.i586.rpm
1703166df266d466ee5ebd1e3e42152f
2010.1/i586/net-snmp-tkmib-5.5-7.1mdv2010.2.i586.rpm
4416385214616480e1a703430de0160d
2010.1/i586/net-snmp-trapd-5.5-7.1mdv2010.2.i586.rpm
ec6325d9778014907cd3f30a31a02791
2010.1/i586/net-snmp-utils-5.5-7.1mdv2010.2.i586.rpm
38e51b57e5d9d03edb6ea01545d3bc25
2010.1/i586/perl-NetSNMP-5.5-7.1mdv2010.2.i586.rpm
901eeb7abf12be68bc3a24f76cbad087
2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
568bdf766fd52583fe8793d55cfbc40a
2010.1/x86_64/lib64net-snmp20-5.5-7.1mdv2010.2.x86_64.rpm
fbdd5492d01aa88de15f63dea689258b
2010.1/x86_64/lib64net-snmp-devel-5.5-7.1mdv2010.2.x86_64.rpm
2b234ec4b01f31adfbb3d5b77879fdfe
2010.1/x86_64/lib64net-snmp-static-devel-5.5-7.1mdv2010.2.x86_64.rpm
619b92ffd07067994be02fde7528f951
2010.1/x86_64/net-snmp-5.5-7.1mdv2010.2.x86_64.rpm
79dc167bfe48718513fdae8b5ffbe9b0
2010.1/x86_64/net-snmp-mibs-5.5-7.1mdv2010.2.x86_64.rpm
3d9aaff4836efc8f8efb0d3fc7a30f76
2010.1/x86_64/net-snmp-tkmib-5.5-7.1mdv2010.2.x86_64.rpm
fda5dfbe8012404d6ddd0c3943129665
2010.1/x86_64/net-snmp-trapd-5.5-7.1mdv2010.2.x86_64.rpm
af024b56711368674499906e957ca59a
2010.1/x86_64/net-snmp-utils-5.5-7.1mdv2010.2.x86_64.rpm
8071b12044e02a4400a9b7fa5c66f4cc
2010.1/x86_64/perl-NetSNMP-5.5-7.1mdv2010.2.x86_64.rpm
901eeb7abf12be68bc3a24f76cbad087
2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm
Mandriva Linux 2011:
bd71a939144d1d20b08283401515eab9
2011/i586/libnet-snmp25-5.6.1-9.1-mdv2011.0.i586.rpm
d56ccb25cbc50ada230b2a568e312560
2011/i586/libnet-snmp-devel-5.6.1-9.1-mdv2011.0.i586.rpm
d7e9e13bb4feaf78db0354ea35348c0f
2011/i586/libnet-snmp-static-devel-5.6.1-9.1-mdv2011.0.i586.rpm
13c81c8bb164c99fc6806ba6328d77a7
2011/i586/net-snmp-5.6.1-9.1-mdv2011.0.i586.rpm
159143bd5eae11219fd33bed27d3db15
2011/i586/net-snmp-mibs-5.6.1-9.1-mdv2011.0.i586.rpm
350761224456d9d06ad4a9661bc4ee77
2011/i586/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.i586.rpm
bb34c4dd7512274ba6fbfedada9b4d01
2011/i586/net-snmp-trapd-5.6.1-9.1-mdv2011.0.i586.rpm
3175051bbd95c1f93c17dac6854de586
2011/i586/net-snmp-utils-5.6.1-9.1-mdv2011.0.i586.rpm
d6b207acf8e1d199d94cbc2ba9088f56
2011/i586/perl-NetSNMP-5.6.1-9.1-mdv2011.0.i586.rpm
a6ae19f2f7f865f76880c05d3be5feca
2011/i586/python-netsnmp-5.6.1-9.1-mdv2011.0.i586.rpm
0aab253539a0484d932baf04f703d4d2 2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm
Mandriva Linux 2011/X86_64:
50841d5a79cbb80c8f3b135d98e62c94
2011/x86_64/lib64net-snmp25-5.6.1-9.1-mdv2011.0.x86_64.rpm
2f98663d082b1c806049e1d638665bd7
2011/x86_64/lib64net-snmp-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
58426391ae5bee8f1063ca96709138de
2011/x86_64/lib64net-snmp-static-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
61a36cdaa85b25b990622af254cb5c1c
2011/x86_64/net-snmp-5.6.1-9.1-mdv2011.0.x86_64.rpm
53d742abefd3d45fcdd6686a4e63c394
2011/x86_64/net-snmp-mibs-5.6.1-9.1-mdv2011.0.x86_64.rpm
57c665999674a46001de569f5cbaf4b0
2011/x86_64/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.x86_64.rpm
aedb28e2cca33ab91a5987f08499ce76
2011/x86_64/net-snmp-trapd-5.6.1-9.1-mdv2011.0.x86_64.rpm
440057cfe374699634e7123f8dfe91c7
2011/x86_64/net-snmp-utils-5.6.1-9.1-mdv2011.0.x86_64.rpm
d8cb8fa927a32c6d5ce3664f15c95ccf
2011/x86_64/perl-NetSNMP-5.6.1-9.1-mdv2011.0.x86_64.rpm
3f83c7c8e1073a229bdb2cf3f33d3708
2011/x86_64/python-netsnmp-5.6.1-9.1-mdv2011.0.x86_64.rpm
0aab253539a0484d932baf04f703d4d2 2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm
Mandriva Enterprise Server 5:
a57d57bfebb80c9a5d73811d5696ee47
mes5/i586/libnet-snmp15-5.4.2-2.4mdvmes5.2.i586.rpm
db359acdd4bf501f8469a60bdca31439
mes5/i586/libnet-snmp-devel-5.4.2-2.4mdvmes5.2.i586.rpm
9a68e11e201646d2ea2c06be3db6d03f
mes5/i586/libnet-snmp-static-devel-5.4.2-2.4mdvmes5.2.i586.rpm
864a7d720acedd85a0b35679e59849a3
mes5/i586/net-snmp-5.4.2-2.4mdvmes5.2.i586.rpm
6acc806f39f3b6e04d6c16b0ec85acdf
mes5/i586/net-snmp-mibs-5.4.2-2.4mdvmes5.2.i586.rpm
22c72430d5926751c532535d70c74bdc
mes5/i586/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.i586.rpm
e1133d9065147744a007f15beea6b963
mes5/i586/net-snmp-trapd-5.4.2-2.4mdvmes5.2.i586.rpm
2040762a0fa5947010d01e459453803c
mes5/i586/net-snmp-utils-5.4.2-2.4mdvmes5.2.i586.rpm
99aca626593aa9829e2f66143b9e8a5d
mes5/i586/perl-NetSNMP-5.4.2-2.4mdvmes5.2.i586.rpm
0ee5d96c849a98d9600faf2bd20c1bdc
mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
6cec4f28c38f6e446976359de2d52c2f
mes5/x86_64/lib64net-snmp15-5.4.2-2.4mdvmes5.2.x86_64.rpm
280b5df81cced400a9d50cf36e29697a
mes5/x86_64/lib64net-snmp-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
456656085d1303473d6b843161a5dfd9
mes5/x86_64/lib64net-snmp-static-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
388d6c3f5262a2782c1df1eee2b56ae5
mes5/x86_64/net-snmp-5.4.2-2.4mdvmes5.2.x86_64.rpm
5581bb503428d43f56047b804e21bebd
mes5/x86_64/net-snmp-mibs-5.4.2-2.4mdvmes5.2.x86_64.rpm
1643390bf239fa3c54d5959b342ca953
mes5/x86_64/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.x86_64.rpm
ad3e97af2064f3f1cd9467b69578610a
mes5/x86_64/net-snmp-trapd-5.4.2-2.4mdvmes5.2.x86_64.rpm
812851c970888bc5cc5c0e7b401e0486
mes5/x86_64/net-snmp-utils-5.4.2-2.4mdvmes5.2.x86_64.rpm
cfc93c491b3fe7b4c22ed0bcb565f98b
mes5/x86_64/perl-NetSNMP-5.4.2-2.4mdvmes5.2.x86_64.rpm
0ee5d96c849a98d9600faf2bd20c1bdc
mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP4waNmqjQ0CJFipgRArgNAJ0dg/2Yglk3Ur7coMgqaciT65zCXwCgnCBC
DrN/hendr1zsDadTg/F5ntc=
=nCSt
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke