
#1323 Queries regarding the patch for the (agentx-disconnect-crash.patch) CVE-2012-6151

backport-needed
open
nobody
None
4
2017-07-27
2016-03-30
Alagu
No

Hi Experts,

We are currently using CentOS 4.8 with net-snmp-5.4.1 rpms installed. We recently noticed the occurrence of the issue described in “CVE-2012-6151” in one of our customers' environments. Hence we are in need of a 5.4 version of NET-SNMP with the patch for “CVE-2012-6151 - net-snmp: snmpd crashes/hangs when AgentX subagent times-out” (net-snmp-5.5-agentx-disconnect-crash.patch). We tried downloading the source rpms and tar.gz files from the links below, but we didn’t find this particular patch fix integrated in them.

Will this patch be integrated into the net-snmp-5.4 version? Please shed light on this (any useful link to download the patch for this version of NET-SNMP).

https://sourceforge.net/projects/net-snmp/files/net-snmp/5.4.4/
https://sourceforge.net/projects/net-snmp/files/net-snmp/5.4.5-pre-releases/

Hence we tried installing the net-snmp-5.5 version, which had the patch, but we weren’t successful since it was not compatible with CentOS 4.8. We also tried installing the net-snmp-5.3 rpms, which have the patch fix (net-snmp-5.3.2.2-22.el5_10). Though we were successful, we have a slight concern about moving to a lower version of NET-SNMP.

So we would like to clarify our doubts with a couple of questions:

  1. Was the patch for “CVE-2012-6151” integrated as part of any net-snmp-5.4 version? If yes, we kindly request you to share with us the link to the source rpm for the same.
  2. Secondly, are there any major functional differences between the net-snmp-5.4.1 and net-snmp-5.3.2.2-22 versions which may affect our move to the lower version of NET-SNMP?

Thanks in advance for your replies.

If this is not the right place to clarify, kindly redirect us to the concerned forum. Any help on the above two queries will really help us.

Discussion

  • Alagu

    Alagu - 2016-03-30

    Kindly help me out with this, experts.

     
  • Raamana Srikanth

    For this CVE-2012-6151, does this patch fix version 5.7.1, where agent "X" registering to handle a MIB and processing GETNEXT requests allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to time out?

    Experts! Request you to help me out with this issue.

     
