Detections
Analytics

MiracleLinux 3 : net-snmp-5.3.2.2-20.0.1.AXS3 (AXSA:2013-32:01)

medium Nessus Plugin ID 290020

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-32:01 advisory.

 SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc.
 You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.
 Building option: --without tcp_wrappers : disable tcp_wrappers support Security issues fixed with this release:
 CVE-2012-2141:
 Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net- SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
 Fixed bugs:
 The snmpd daemon now recognizes devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems and reports them in the HOST-RESOURCES-MIB::hrStorageTable table.
 Updated the snmptrapd (8) man page to correctly describe how to load multiple configuration files using the -c option: multiple configuration files must be separated by a comma.
 The snmpd daemon did not evaluate correctly integers truncated from 64 to 32-bit and could then enter an endless loop. This has been fixed.
 snmpd does no longer crash when receiving a signal while enumerating existing IPv6 network prefixes during startup.
 Fixed decoding of COUNTER64 values from AgentX: snmpd now uses the correct COUNTER64 size and can process several COUNTER64 values in AgentX communication.
 Fixed engineID of outgoing traps if 'trapsess -e <engineID>' is used in snmpd.conf.
 Fixed Request-ID encoded in 5-bytes when it gets negative added support for port numbers in 'clientaddr' configuration option.
 Ffixed snmpd showing failed to run mteTrigger query when 'monitor' config option is used.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3653

Plugin Details

Severity: Medium

ID: 290020

File Name: miracle_linux_AXSA-2013-32.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2012-2141

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:net-snmp, p-cpe:/a:miracle:linux:net-snmp-perl, p-cpe:/a:miracle:linux:net-snmp-libs, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:net-snmp-utils, p-cpe:/a:miracle:linux:net-snmp-devel

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/21/2013

Vulnerability Publication Date: 4/26/2012

Reference Information

CVE: CVE-2012-2141