OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

Medium Nessus Plugin ID 85140

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373]

- Quicker loading of IP-MIB::ipAddrTable (#1191393)

- Quicker loading of IP-MIB::ipAddressTable (#1191393)

- Fixed snmptrapd crash when '-OQ' parameter is used and invalid trap is received (#CVE-2014-3565)

- added faster caching into IP-MIB::ipNetToMediaTable (#789500)

- fixed compilation with '-Werror=format-security' (#1181994)

- added clear error message when port specified in 'clientaddrr' config option cannot be bound (#886468)

- fixed error check in IP-MIB::ipAddressTable (#1012430)

- fixed agentx client crash on failed response (#1023570)

- fixed dashes in net-snmp-config.h (#1034441)

- fixed crash on monitor trigger (#1050970)

- fixed 'netsnmp_assert 1 == new_val->high failed' message in system log (#1065210)

- fixed parsing of 64bit counters from SMUX subagents (#1069046)

- Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines with >100 CPUs (#1070075)

- fixed net-snmp-create-v3-user to have the same content on 32 and 64bit installations (#1073544)

- fixed IPADDRESS value length in Python bindings (#1100099)

- fixed hrStorageTable to contain 31 bits integers (#1104293)

- fixed links to developer man pages (#1119567)

- fixed storageUseNFS functionality in hrStorageTable (#1125793)

- fixed netsnmp_set Python bindings call truncating at the first '\000' character (#1126914)

- fixed log level of SMUX messages (#1140234)

- use python/README to net-snmp-python subpackage (#1157373)

- fixed forwarding of traps with RequestID=0 in snmptrapd (#1146948)

- fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)

- fixed close overhead of extend commands (#1188295)

- fixed lmSensorsTable not reporting sensors with duplicate names (#967871)

- fixed hrDeviceTable with interfaces with large ifIndex (#1195547)

- added 'diskio' option to snmpd.conf, it's possible to monitor only selected devices in diskIOTable (#990674)

- fixed CVE-2014-2284: denial of service flaw in Linux implementation of ICMP-MIB (#1073223)

- added cache to hrSWRunTable to provide consistent results (#1007634)

- skip 'mvfs' (ClearCase) when skipNFSInHostResources is enabled (#1073237)

- fixed snmptrapd crashing on forwarding SNMPv3 traps (#1131844)

- fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)

- fixed snmp daemons and utilities crashing in FIPS mode (#1001830)

- added support of btrfs filesystem in hrStorageTable (#1006706)

- fixed issues found by static analysis tools

- restored ABI of read_configs_* functions

- fixed parsing of bulk responses (#983116)

- added support of vzfs filesystem in hrStorageTable (#989498)

- fixed endless loop when parsing sendmail configuration file with queue groups (#991213)

- fixed potential memory leak on realloc failure when processing 'extend' option (#893119)

- added precise enumeration of configuration files searched to snmp_config(5) man page (#907571)

- set permissions of snmpd.conf and snmptrapd conf to 0600 (#919239)

- fixed kernel threads in hrSWRunTable (#919952)

- fixed various error codes in Python module (#955771)

- fixed snmpd crashing in the middle of agentx request processing when a subagent disconnects (#955511)

- allow 'includeFile' and 'includeDir' options in configuration files (#917816)

- fixed netlink message size (#927474)

- fixed IF-MIB::ifSpeedHi on systems with non-standard interface speeds (#947973)

- fixed BRIDGE-MIB::dot1dBasePortTable not to include the bridge itself as a port (#960568)

- fixed snmpd segfault when 'agentaddress' configuration options is used and too many SIGHUP signals are received (#968898)

- updated UCD-SNMP-MIB::dskTable to dynamically add/remove disks if 'includeAllDisks' is specified in snmpd.conf (#922691)

- fixed crash when parsing invalid SNMP packets (#953926)

- fixed snmpd crashing with 'exec' command with no arguments in snmpd.conf (#919259)

Solution

Update the affected net-snmp / net-snmp-libs / net-snmp-utils packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000349.html

Plugin Details

Severity: Medium

ID: 85140

File Name: oraclevm_OVMSA-2015-0099.nasl

Version: 2.4

Type: local

Published: 2015/07/31

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:net-snmp, p-cpe:/a:oracle:vm:net-snmp-libs, p-cpe:/a:oracle:vm:net-snmp-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/07/30

Reference Information

CVE: CVE-2014-2284, CVE-2014-3565

BID: 65867, 69477