OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

Medium Nessus Plugin ID 85140


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373]

- Quicker loading of IP-MIB::ipAddrTable (#1191393)

- Quicker loading of IP-MIB::ipAddressTable (#1191393)

- Fixed snmptrapd crash when '-OQ' parameter is used and invalid trap is received (#CVE-2014-3565)

- added faster caching into IP-MIB::ipNetToMediaTable (#789500)

- fixed compilation with '-Werror=format-security' (#1181994)

- added clear error message when port specified in 'clientaddrr' config option cannot be bound (#886468)

- fixed error check in IP-MIB::ipAddressTable (#1012430)

- fixed agentx client crash on failed response (#1023570)

- fixed dashes in net-snmp-config.h (#1034441)

- fixed crash on monitor trigger (#1050970)

- fixed 'netsnmp_assert 1 == new_val->high failed' message in system log (#1065210)

- fixed parsing of 64bit counters from SMUX subagents (#1069046)

- Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines with >100 CPUs (#1070075)

- fixed net-snmp-create-v3-user to have the same content on 32 and 64bit installations (#1073544)

- fixed IPADDRESS value length in Python bindings (#1100099)

- fixed hrStorageTable to contain 31 bits integers (#1104293)

- fixed links to developer man pages (#1119567)

- fixed storageUseNFS functionality in hrStorageTable (#1125793)

- fixed netsnmp_set Python bindings call truncating at the first '\000' character (#1126914)

- fixed log level of SMUX messages (#1140234)

- use python/README to net-snmp-python subpackage (#1157373)

- fixed forwarding of traps with RequestID=0 in snmptrapd (#1146948)

- fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)

- fixed close overhead of extend commands (#1188295)

- fixed lmSensorsTable not reporting sensors with duplicate names (#967871)

- fixed hrDeviceTable with interfaces with large ifIndex (#1195547)

- added 'diskio' option to snmpd.conf, it's possible to monitor only selected devices in diskIOTable (#990674)

- fixed CVE-2014-2284: denial of service flaw in Linux implementation of ICMP-MIB (#1073223)

- added cache to hrSWRunTable to provide consistent results (#1007634)

- skip 'mvfs' (ClearCase) when skipNFSInHostResources is enabled (#1073237)

- fixed snmptrapd crashing on forwarding SNMPv3 traps (#1131844)

- fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)

- fixed snmp daemons and utilities crashing in FIPS mode (#1001830)

- added support of btrfs filesystem in hrStorageTable (#1006706)

- fixed issues found by static analysis tools

- restored ABI of read_configs_* functions

- fixed parsing of bulk responses (#983116)

- added support of vzfs filesystem in hrStorageTable (#989498)

- fixed endless loop when parsing sendmail configuration file with queue groups (#991213)

- fixed potential memory leak on realloc failure when processing 'extend' option (#893119)

- added precise enumeration of configuration files searched to snmp_config(5) man page (#907571)

- set permissions of snmpd.conf and snmptrapd conf to 0600 (#919239)

- fixed kernel threads in hrSWRunTable (#919952)

- fixed various error codes in Python module (#955771)

- fixed snmpd crashing in the middle of agentx request processing when a subagent disconnects (#955511)

- allow 'includeFile' and 'includeDir' options in configuration files (#917816)

- fixed netlink message size (#927474)

- fixed IF-MIB::ifSpeedHi on systems with non-standard interface speeds (#947973)

- fixed BRIDGE-MIB::dot1dBasePortTable not to include the bridge itself as a port (#960568)

- fixed snmpd segfault when 'agentaddress' configuration options is used and too many SIGHUP signals are received (#968898)

- updated UCD-SNMP-MIB::dskTable to dynamically add/remove disks if 'includeAllDisks' is specified in snmpd.conf (#922691)

- fixed crash when parsing invalid SNMP packets (#953926)

- fixed snmpd crashing with 'exec' command with no arguments in snmpd.conf (#919259)


Update the affected net-snmp / net-snmp-libs / net-snmp-utils packages.

See Also

Plugin Details

Severity: Medium

ID: 85140

File Name: oraclevm_OVMSA-2015-0099.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2015/07/31

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:net-snmp, p-cpe:/a:oracle:vm:net-snmp-libs, p-cpe:/a:oracle:vm:net-snmp-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/30

Reference Information

CVE: CVE-2014-2284, CVE-2014-3565

BID: 65867, 69477

OSVDB: 110884, 130393