Summary: | <net-analyzer/net-snmp-5.7.2.1: crashes/hangs when AgentX subagent times out (CVE-2012-6151) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bertrand, netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1038007 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-12-04 10:10:58 UTC
CVE-2012-6151 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6151): Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. Bug 494574 is being stabilized now for net-analyzer/net-snmp-5.7.2-r1 does it contain the fix for this? All other distress have this fixed in 5.7.2, please confirm that this is fixed in the current stable version so that we can release the GLSA. sorry distributions ... hate auto spelling corrections. The CVE said it should be good. This issue was resolved and addressed in GLSA 201409-02 at http://security.gentoo.org/glsa/glsa-201409-02.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |