Security Advisory Moderate: net-snmp security update

Advisory: RHSA-2014:0322-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-03-24
Last updated on: 2014-03-24
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-6151
CVE-2014-2285

Details

Updated net-snmp packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A denial of service flaw was found in the way snmpd, the Net-SNMP daemon,
handled subagent timeouts. A remote attacker able to trigger a subagent
timeout could use this flaw to cause snmpd to loop infinitely or crash.
(CVE-2012-6151)

A denial of service flaw was found in the way the snmptrapd service, which
receives and logs SNMP trap messages, handled SNMP trap requests with an
empty community string when the Perl handler (provided by the net-snmp-perl
package) was enabled. A remote attacker could use this flaw to crash
snmptrapd by sending a trap request with an empty community string.
(CVE-2014-2285)

All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the snmpd and snmptrapd services will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
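
To confirm that the update has reached every system, installed net-snmp packages can be compared against the fixed version-release named in this advisory, 5.3.2.2-22.el5_10.1. The following is an added example, not part of the original advisory or Red Hat's tooling. It assumes an inventory with one "host name version-release" entry per line, assumes all entries share the same epoch, and uses constructed sample data and a simplified RPM version comparison without tilde or caret handling.

```python
import re

FIXED = "5.3.2.2-22.el5_10.1"   # fixed version-release named in this advisory

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1."""
    ta = re.findall(r"\d+|[A-Za-z]+", a)   # separators such as . and _ are skipped
    tb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer than an alpha one
        if x.isdigit():
            x, y = int(x), int(y)              # numeric compare ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def evr_cmp(a, b):
    """Compare "version-release" strings (epoch assumed equal on both sides)."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(inventory_text):
    """Return sorted (host, package, version-release) tuples older than FIXED."""
    stale = []
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[1].startswith("net-snmp"):
            continue                           # malformed line or unrelated package
        host, pkg, evr = parts
        if evr_cmp(evr, FIXED) < 0:
            stale.append((host, pkg, evr))
    return sorted(stale)

# Constructed inventory for illustration: "<host> <name> <version>-<release>"
SAMPLE = """\
web01 net-snmp 5.3.2.2-22.el5_10.1
web01 net-snmp-libs 5.3.2.2-22.el5_10.1
db01 net-snmp 5.3.2.2-20.el5
db01 net-snmp-perl 5.3.2.2-20.el5
mon01 net-snmp 5.3.2.2-22.el5
mon01 openssl 0.9.8e-27.el5_10.1
"""

if __name__ == "__main__":
    for host, pkg, evr in needs_update(SAMPLE):
        print("%s: %s %s is older than %s" % (host, pkg, evr, FIXED))
```

A host that still lists net-snmp-perl at an older release is the case relevant to CVE-2014-2285, since that package provides the Perl handler for snmptrapd.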

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
net-snmp-5.3.2.2-22.el5_10.1.src.rpm
File outdated by: RHBA-2014:1639

IA-32:
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639

x86_64:
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
net-snmp-5.3.2.2-22.el5_10.1.src.rpm
File outdated by: RHBA-2014:1639

IA-32:
net-snmp-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639

IA-64:
net-snmp-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.ia64.rpm
File outdated by: RHBA-2014:1639

PPC:
net-snmp-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ppc64.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.ppc64.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.ppc64.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.ppc.rpm
File outdated by: RHBA-2014:1639

s390x:
net-snmp-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.s390.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.s390.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.s390.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.s390x.rpm
File outdated by: RHBA-2014:1639

x86_64:
net-snmp-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-devel-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
net-snmp-5.3.2.2-22.el5_10.1.src.rpm
File outdated by: RHBA-2014:1639

IA-32:
net-snmp-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639

x86_64:
net-snmp-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
File outdated by: RHBA-2014:1639
net-snmp-libs-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-perl-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639
net-snmp-utils-5.3.2.2-22.el5_10.1.x86_64.rpm
File outdated by: RHBA-2014:1639

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1038007 - CVE-2012-6151 net-snmp: snmpd crashes/hangs when AgentX subagent times-out
1072778 - CVE-2014-2285 net-snmp: snmptrapd crash when using a trap with empty community string


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/