Hi Experts,
We are currently using CentOS 4.8 with net-snmp-5.4.1 rpms installed. We recently noticed the occurrence of the issue described in “CVE-2012-6151” in one of our customers' environments. Hence we are in need of the 5.4 version of NET-SNMP with the patch for “CVE-2012-6151 - net-snmp: snmpd crashes/hangs when AgentX subagent times-out” (net-snmp-5.5-agentx-disconnect-crash.patch). We tried downloading the source rpms and tar.gz files from the links below, but we didn’t find this particular patch fix integrated in them.
Will this patch be integrated into the net-snmp-5.4 version? Please shed some light on this (any useful link to download the patch for this version of NET-SNMP).
https://sourceforge.net/projects/net-snmp/files/net-snmp/5.4.4/
https://sourceforge.net/projects/net-snmp/files/net-snmp/5.4.5-pre-releases/
Hence we tried installing the net-snmp-5.5 version, which had the patch, but we weren’t successful since it was not compatible with CentOS 4.8. We also tried installing net-snmp-5.3 rpms, which have the patch fix (net-snmp-5.3.2.2-22.el5_10). Though we were successful, we have a slight concern about moving to a lower version of NET-SNMP.
So we would like to clarify our doubts for a couple of questions,
Thanks in advance for your replies.
If this is not the right place to clarify, kindly redirect to the concerned forum. Any help on the above two queries will really help us.
Kindly help me out with this, experts.
For this CVE-2012-6151, does this patch fix version 5.7.1, where agent "X" registering to handle a MIB and processing GETNEXT requests allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to time out?
Experts! Request you to help me out with this issue.