Package name
net-snmp
Date
2013-04-05
Advisory ID
MDVSA-2013:049
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in net-snmp:

An array index error, leading to out-of heap-based buffer read flaw
was found in the way net-snmp agent performed entries lookup in the
extension table. When certain MIB subtree was handled by the extend
directive, a remote attacker having read privilege to the subtree could
use this flaw to cause a denial of service (snmpd crash) via SNMP GET
request involving a non-existent extension table entry (CVE-2012-2141).

The updated packages have been patched to correct this issue.

Updated packages

MBS1 x86_64

 c8375668a2a19d41045b28740f531376  mbs1/x86_64/lib64net-snmp30-5.7.1-4.1.mbs1.x86_64.rpm
 1d2245b63fe16826dd070230d674582f  mbs1/x86_64/lib64net-snmp-devel-5.7.1-4.1.mbs1.x86_64.rpm
 2f4d1ba665ccd61235b8f0bdba7262c5  mbs1/x86_64/lib64net-snmp-static-devel-5.7.1-4.1.mbs1.x86_64.rpm
 f34a96ff7a5931bcb7205e36cc123ea5  mbs1/x86_64/net-snmp-5.7.1-4.1.mbs1.x86_64.rpm
 5ddf10a7de30e77ebf20bff5d6398c1d  mbs1/x86_64/net-snmp-mibs-5.7.1-4.1.mbs1.x86_64.rpm
 6641418b03c05488ef45900115edaf83  mbs1/x86_64/net-snmp-tkmib-5.7.1-4.1.mbs1.x86_64.rpm
 c3d27a12fbd3cb2e4bd2bf749300354b  mbs1/x86_64/net-snmp-trapd-5.7.1-4.1.mbs1.x86_64.rpm
 362c4933b0cfe00eafead47f9eb8dae2  mbs1/x86_64/net-snmp-utils-5.7.1-4.1.mbs1.x86_64.rpm
 ccb7d91cd7e0bdd5644a113155808c3a  mbs1/x86_64/perl-NetSNMP-5.7.1-4.1.mbs1.x86_64.rpm
 d485fe55c616659db1e8e9ccf0ecd4de  mbs1/x86_64/python-netsnmp-5.7.1-4.1.mbs1.x86_64.rpm 
 845a5a27d199e543acffb6710a8cb621  mbs1/SRPMS/net-snmp-5.7.1-4.1.mbs1.src.rpm

References