OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Add Oracle ACFS to hrStorage (John Haxby) [orabug
18510373]

- Quicker loading of IP-MIB::ipAddrTable (#1191393)

- Quicker loading of IP-MIB::ipAddressTable (#1191393)

- Fixed snmptrapd crash when '-OQ' parameter is used and
invalid trap is received (#CVE-2014-3565)

- added faster caching into IP-MIB::ipNetToMediaTable
(#789500)

- fixed compilation with '-Werror=format-security'
(#1181994)

- added clear error message when port specified in
'clientaddr' config option cannot be bound (#886468)

- fixed error check in IP-MIB::ipAddressTable (#1012430)

- fixed agentx client crash on failed response (#1023570)

- fixed dashes in net-snmp-config.h (#1034441)

- fixed crash on monitor trigger (#1050970)

- fixed 'netsnmp_assert 1 == new_val->high failed' message
in system log (#1065210)

- fixed parsing of 64bit counters from SMUX subagents
(#1069046)

- Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines
with >100 CPUs (#1070075)

- fixed net-snmp-create-v3-user to have the same content
on 32 and 64bit installations (#1073544)

- fixed IPADDRESS value length in Python bindings
(#1100099)

- fixed hrStorageTable to contain 31 bits integers
(#1104293)

- fixed links to developer man pages (#1119567)

- fixed storageUseNFS functionality in hrStorageTable
(#1125793)

- fixed netsnmp_set Python bindings call truncating at the
first '\000' character (#1126914)

- fixed log level of SMUX messages (#1140234)

- use python/README to net-snmp-python subpackage
(#1157373)

- fixed forwarding of traps with RequestID=0 in snmptrapd
(#1146948)

- fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)

- fixed close overhead of extend commands (#1188295)

- fixed lmSensorsTable not reporting sensors with
duplicate names (#967871)

- fixed hrDeviceTable with interfaces with large ifIndex
(#1195547)

- added 'diskio' option to snmpd.conf, it's possible to
monitor only selected devices in diskIOTable (#990674)

- fixed CVE-2014-2284: denial of service flaw in Linux
implementation of ICMP-MIB (#1073223)

- added cache to hrSWRunTable to provide consistent
results (#1007634)

- skip 'mvfs' (ClearCase) when skipNFSInHostResources is
enabled (#1073237)

- fixed snmptrapd crashing on forwarding SNMPv3 traps
(#1131844)

- fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)

- fixed snmp daemons and utilities crashing in FIPS mode
(#1001830)

- added support of btrfs filesystem in hrStorageTable
(#1006706)

- fixed issues found by static analysis tools

- restored ABI of read_configs_* functions

- fixed parsing of bulk responses (#983116)

- added support of vzfs filesystem in hrStorageTable
(#989498)

- fixed endless loop when parsing sendmail configuration
file with queue groups (#991213)

- fixed potential memory leak on realloc failure when
processing 'extend' option (#893119)

- added precise enumeration of configuration files
searched to snmp_config(5) man page (#907571)

- set permissions of snmpd.conf and snmptrapd conf to 0600
(#919239)

- fixed kernel threads in hrSWRunTable (#919952)

- fixed various error codes in Python module (#955771)

- fixed snmpd crashing in the middle of agentx request
processing when a subagent disconnects (#955511)

- allow 'includeFile' and 'includeDir' options in
configuration files (#917816)

- fixed netlink message size (#927474)

- fixed IF-MIB::ifSpeedHi on systems with non-standard
interface speeds (#947973)

- fixed BRIDGE-MIB::dot1dBasePortTable not to include the
bridge itself as a port (#960568)

- fixed snmpd segfault when 'agentaddress' configuration
option is used and too many SIGHUP signals are received
(#968898)

- updated UCD-SNMP-MIB::dskTable to dynamically add/remove
disks if 'includeAllDisks' is specified in snmpd.conf
(#922691)

- fixed crash when parsing invalid SNMP packets (#953926)

- fixed snmpd crashing with 'exec' command with no
arguments in snmpd.conf (#919259)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000349.html

Solution :

Update the affected net-snmp / net-snmp-libs / net-snmp-utils
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 85140

Bugtraq ID: 65867, 69477

CVE ID: CVE-2014-2284, CVE-2014-3565
