| Summary: | <net-analyzer/net-snmp-5.7.2.1: denial of service flaw in Linux implementation of ICMP-MIB (CVE-2014-2284) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | netmon |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1070396 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-02-27 13:42:49 UTC
*5.7.2.1*

snmpd:
- SECURITY: a denial of service attack vector was discovered on the linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects.

The 5.7.2.1 tarball contains all of the binaries pre-built, and has some other problems. For instance, it second-guesses perl's ARCH_LIB (which is easy to fix) but more importantly, it has developed some new parallel make problems.

(In reply to Jeroen Roovers from comment #2)
> The 5.7.2.1 tarball contains all of the binaries pre-built, and has some
> other problems.
> For instance, it second-guesses perl's ARCH_LIB (which is
> easy to fix)

That appears to be because it has pre-generated Makefiles in perl/.

I'll roll a fresh tarball. Saves around 20 megabytes in downloading.

Arch teams, please test and mark stable:
=net-analyzer/net-snmp-5.7.2.1
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

x86 stable

sparc stable

arm stable

ppc stable

ia64 stable

alpha stable

ppc64 stable. Maintainer(s), please cleanup. Security, please vote.

Arches and Maintainer(s), Thank you for your work. Security please Vote.

GLSA vote: no

CVE-2014-2284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2284): The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

(In reply to Mikle Kolyada from comment #15)
> GLSA vote: no

nvmd. Added to existing glsa draft.

This issue was resolved and addressed in GLSA 201409-02 at http://security.gentoo.org/glsa/glsa-201409-02.xml by GLSA coordinator Kristian Fiskerstrand (K_F).