An update for net-snmp is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1888
Final
1.0
1.0
2022-09-02
Initial
2022-09-02
2022-09-02
openEuler SA Tool V1.0
2022-09-02
net-snmp security update
An update for net-snmp is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:
+ - An extensible agent for responding to SNMP queries including built-in
+ support for a wide range of MIB information modules
+ - Command-line applications to retrieve and manipulate information from
+ SNMP-capable devices
+ - A daemon application for receiving SNMP notifications
+ - A library for developing new SNMP applications, with C and Perl APIs
+ - A graphical MIB browser.
Security Fix(es):
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES (CVE-2022-24807)
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)
+*5.9.2*:
+ security:
+ - These two CVEs can be exploited by a user with read-only credentials:
+ - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
+ NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+ - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - These CVEs can be exploited by a user with read-write credentials:
+ - CVE-2022-24806 Improper Input Validation when SETing malformed
+ OIDs in master agent and subagent simultaneously
+ - CVE-2022-24807 A malformed OID in a SET request to
+ SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+ out-of-bounds memory access.
+ - CVE-2022-24808 A malformed OID in a SET request to
+ NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+ - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
+ If you must use SNMPv1 or SNMPv2c, use a complex community string
+ and enhance the protection by restricting access to a given IP address range.
+ - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
+ reporting the following CVEs that have been fixed in this release, and
+ to Arista Networks for providing fixes.(CVE-2022-24805)
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)
From https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
net-snmp
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24809
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24807
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24808
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24805
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24810
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24806
https://nvd.nist.gov/vuln/detail/CVE-2022-24809
https://nvd.nist.gov/vuln/detail/CVE-2022-24807
https://nvd.nist.gov/vuln/detail/CVE-2022-24808
https://nvd.nist.gov/vuln/detail/CVE-2022-24805
https://nvd.nist.gov/vuln/detail/CVE-2022-24810
https://nvd.nist.gov/vuln/detail/CVE-2022-24806
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
net-snmp-5.9-6.oe1.aarch64.rpm
net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm
net-snmp-perl-5.9-6.oe1.aarch64.rpm
python3-net-snmp-5.9-6.oe1.aarch64.rpm
net-snmp-libs-5.9-6.oe1.aarch64.rpm
net-snmp-gui-5.9-6.oe1.aarch64.rpm
net-snmp-devel-5.9-6.oe1.aarch64.rpm
net-snmp-debugsource-5.9-6.oe1.aarch64.rpm
net-snmp-devel-5.9-6.oe1.aarch64.rpm
python3-net-snmp-5.9-6.oe1.aarch64.rpm
net-snmp-5.9-6.oe1.aarch64.rpm
net-snmp-libs-5.9-6.oe1.aarch64.rpm
net-snmp-gui-5.9-6.oe1.aarch64.rpm
net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm
net-snmp-debugsource-5.9-6.oe1.aarch64.rpm
net-snmp-perl-5.9-6.oe1.aarch64.rpm
net-snmp-perl-5.9.1-3.oe2203.aarch64.rpm
net-snmp-debuginfo-5.9.1-3.oe2203.aarch64.rpm
net-snmp-devel-5.9.1-3.oe2203.aarch64.rpm
net-snmp-gui-5.9.1-3.oe2203.aarch64.rpm
net-snmp-libs-5.9.1-3.oe2203.aarch64.rpm
net-snmp-debugsource-5.9.1-3.oe2203.aarch64.rpm
net-snmp-5.9.1-3.oe2203.aarch64.rpm
python3-net-snmp-5.9.1-3.oe2203.aarch64.rpm
net-snmp-help-5.9-6.oe1.noarch.rpm
net-snmp-help-5.9-6.oe1.noarch.rpm
net-snmp-help-5.9.1-3.oe2203.noarch.rpm
net-snmp-5.9-6.oe1.src.rpm
net-snmp-5.9-6.oe1.src.rpm
net-snmp-5.9.1-3.oe2203.src.rpm
python3-net-snmp-5.9-6.oe1.x86_64.rpm
net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm
net-snmp-debugsource-5.9-6.oe1.x86_64.rpm
net-snmp-devel-5.9-6.oe1.x86_64.rpm
net-snmp-5.9-6.oe1.x86_64.rpm
net-snmp-gui-5.9-6.oe1.x86_64.rpm
net-snmp-perl-5.9-6.oe1.x86_64.rpm
net-snmp-libs-5.9-6.oe1.x86_64.rpm
net-snmp-debugsource-5.9-6.oe1.x86_64.rpm
net-snmp-gui-5.9-6.oe1.x86_64.rpm
net-snmp-devel-5.9-6.oe1.x86_64.rpm
net-snmp-perl-5.9-6.oe1.x86_64.rpm
python3-net-snmp-5.9-6.oe1.x86_64.rpm
net-snmp-5.9-6.oe1.x86_64.rpm
net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm
net-snmp-libs-5.9-6.oe1.x86_64.rpm
net-snmp-5.9.1-3.oe2203.x86_64.rpm
net-snmp-gui-5.9.1-3.oe2203.x86_64.rpm
python3-net-snmp-5.9.1-3.oe2203.x86_64.rpm
net-snmp-perl-5.9.1-3.oe2203.x86_64.rpm
net-snmp-debuginfo-5.9.1-3.oe2203.x86_64.rpm
net-snmp-debugsource-5.9.1-3.oe2203.x86_64.rpm
net-snmp-devel-5.9.1-3.oe2203.x86_64.rpm
net-snmp-libs-5.9.1-3.oe2203.x86_64.rpm
No description is available for this CVE.
2022-09-02
CVE-2022-24809
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
No description is available for this CVE.
2022-09-02
CVE-2022-24807
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
No description is available for this CVE.
2022-09-02
CVE-2022-24808
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
No description is available for this CVE.
2022-09-02
CVE-2022-24805
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.7
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
No description is available for this CVE.
2022-09-02
CVE-2022-24810
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888
No description is available for this CVE.
2022-09-02
CVE-2022-24806
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
net-snmp security update
2022-09-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888