Detections
Analytics

MiracleLinux 4 : net-snmp-5.5-54.AXS4 (AXSA:2015-271:01)

high Nessus Plugin ID 289461

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-271:01 advisory.

 SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools:
 an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps and a version of the netstat command which uses SNMP. This package contains the snmpd and snmptrapd daemons, documentation, etc.
 You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.
 Security issues fixed with this release:
 CVE-2014-3565 Fixed bugs:
 * The HOST-RESOURCES-MIB::hrSystemProcesses object was not implemented because parts of the HOST-RESOURCES-MIB module were rewritten in an earlier version of net-snmp. Consequently, HOST-RESOURCES-MIB::hrSystemProcesses did not provide information on the number of currently loaded or running processes. With this update, HOST-RESOURCES-MIB::hrSystemProcesses has been implemented, and the net-snmp daemon reports as expected.
 * The Net-SNMP agent daemon, snmpd, reloaded the system ARP table every 60 seconds. As a consequence, snmpd could cause a short CPU usage spike on busy systems with a large APR table. With this update, the problem was fixed.
 * Previously, snmpd used an invalid pointer to the current time when periodically checking certain conditions specified by the monitor option in the /etc/snmpd/snmpd.conf file. Consequently, snmpd terminated unexpectedly on start with a segmentation fault if a certain entry with the monitor option was used. Now, snmpd has been update to pass this error.
 * Previously, snmpd expected 8-bit network interface indices when processing HOST-RESOURCES-MIB::hrDeviceTable. If an interface index of a local network interface was larger than 30,000 items, snmpd could terminate unexpectedly due to accessing invalid memory. The bug was fixed in this update.
 * The snmpdtrapd service incorrectly checked for errors when forwarding a trap with a RequestID value of 0, and logged Forward failed even though the trap was successfully forwarded. This update fixes snmptrapd checks and the aforementioned message is now logged only when appropriate.
 * Previously, snmpd ignored the value of the storageUseNFS option in the /etc/snmpd/snmpd.conf file. As a consequence, NFS drivers were shown as Network Disks, even though storageUseNFS was set to 2 to report them as Fixed Disks in HOST-RESOURCES-MIB::hrStorageTable. With this update, fixed it.
 * Previously, the Net-SNMP python binding used an incorrect size (8 bytes instead of 4) for variables of IPADDRESS type. Consequently, applications that were using Net-SNMP Python bindings could send malformed SNMP messages. With this update, this bug has been fixed.
 * Previously, the snmpd service did not cut values in HOST-RESOURCES-MIB::hrStorageTable to signed 32-bit integers, as required by SNMP standards, and provided the values as unsigned integers. As a consequence, the HOST-RESOURCES-MIB::hrStorageTable implementation did not conform to RFC 2790. The values are now cut to 32-bit signed integers, and snmpd is therefore standard compliant.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/5616

Plugin Details

Severity: High

ID: 289461

File Name: miracle_linux_AXSA-2015-271.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2014-3565

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:net-snmp, p-cpe:/a:miracle:linux:net-snmp-python, p-cpe:/a:miracle:linux:net-snmp-libs, p-cpe:/a:miracle:linux:net-snmp-perl, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:net-snmp-utils, p-cpe:/a:miracle:linux:net-snmp-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/6/2015

Vulnerability Publication Date: 8/31/2014

Reference Information

CVE: CVE-2014-3565