Описание
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | net-snmp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | net-snmp | Out of support scope | ||
| Red Hat Enterprise Linux 8 | net-snmp | Will not fix | ||
| Red Hat Enterprise Linux 9 | net-snmp | Fixed | RHSA-2024:7260 | 26.09.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | net-snmp | Fixed | RHSA-2024:7875 | 09.10.2024 |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
net-snmp provides various tools relating to the Simple Network Managem ...
Уязвимость набора программного обеспечения Net-SNMP, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
5.9 Medium
CVSS3