Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_2141_denial_of)
Medium Nessus Plugin ID 80708
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing necessary patches to address security updates:
- The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. (CVE-2014-2285)
- snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
Solution
Upgrade to Solaris 188.8.131.52.0.