SecurityTracker.com
Category:   Application (Generic)  >   Net-snmp
Vendors:   net-snmp.sourceforge.net
(CentOS Issues Fix) Net-snmp Incomplete Parsing in snmp_pdu_parse() Lets Remote Users Crash snmpd or Execute Arbitrary Code
SecurityTracker Alert ID:  1033311
SecurityTracker URL:  http://securitytracker.com/id/1033311
CVE Reference:   CVE-2015-5621
Date:  Aug 18 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Net-snmp. A remote user can cause the target service to crash. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a parsing error in snmp_pdu_parse() and cause the target snmpd process to crash or execute arbitrary code on the target system. The code will run with the privileges of the target snmp service.

Qinghao Tang of QIHU 360, China, reported this vulnerability.

Impact:   A remote user can cause the target service to crash.

A remote user can execute arbitrary code on the target system.

Solution:   CentOS has issued a fix.


Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Aug 18 2015 Net-snmp Incomplete Parsing in snmp_pdu_parse() Lets Remote Users Crash snmpd or Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1636 Moderate CentOS 6 net-snmp Security Update


CentOS Errata and Security Advisory 2015:1636 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1636.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
