Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:4205-1

Опубликовано: 23 нояб. 2022
Источник: suse-cvrf

Описание

Security update for net-snmp

This update for net-snmp fixes the following issues:

Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):

  • CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
  • CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.
  • CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.
  • CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
  • CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.
  • CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.

Список пакетов

Container ses/7.1/ceph/keepalived:latest
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-SAP-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-SAP-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-BYOS-EC2
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-Azure
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-BYOS
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-EC2
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP4-SAP-Hardened-GCE
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Azure-3P
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-BYOS-EC2
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-Azure
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-EC2
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP5-SAP-Hardened-GCE
libsnmp40-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
net-snmp-devel-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libsnmp40-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
net-snmp-devel-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
libsnmp40-32bit-5.9.3-150300.15.3.1
openSUSE Leap 15.3
libsnmp40-5.9.3-150300.15.3.1
libsnmp40-32bit-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
net-snmp-devel-5.9.3-150300.15.3.1
net-snmp-devel-32bit-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
python2-net-snmp-5.9.3-150300.15.3.1
python3-net-snmp-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
openSUSE Leap 15.4
libsnmp40-5.9.3-150300.15.3.1
libsnmp40-32bit-5.9.3-150300.15.3.1
net-snmp-5.9.3-150300.15.3.1
net-snmp-devel-5.9.3-150300.15.3.1
net-snmp-devel-32bit-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
python3-net-snmp-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1
openSUSE Leap 15.5
net-snmp-5.9.3-150300.15.3.1
net-snmp-devel-5.9.3-150300.15.3.1
net-snmp-devel-32bit-5.9.3-150300.15.3.1
perl-SNMP-5.9.3-150300.15.3.1
python3-net-snmp-5.9.3-150300.15.3.1
snmp-mibs-5.9.3-150300.15.3.1

Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки

Описание

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:snmp-mibs-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libsnmp40-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:net-snmp-5.9.3-150300.15.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:perl-SNMP-5.9.3-150300.15.3.1
Ссылки
Уязвимость SUSE-SU-2022:4205-1