Hi Team,
Is there any fix available in CentOS 7.6 updates or in later versions of CentOS for the net-snmp vulnerability CVE-2015-5621?
I have checked all the change logs of the available RPMs from CentOS 7 to 8 but couldn't see any fix related to this vulnerability. I couldn't see anything in the change log on the net-snmp website either.
Thanks,
Srini
Fix for net-snmp vulnerability CVE-2015-5621
Re: Fix for net-snmp vulnerability CVE-2015-5621
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Fix for net-snmp vulnerability CVE-2015-5621
Thanks TrevoH.
Is this fix ported in CentOS's net-snmp package?
We are using CentOS 7.6, which uses net-snmp-5.7.2-37.el7.x86_64, and our internal Security Team reported this version is vulnerable to the CVE.
Is the fix in the Red Hat version net-snmp-5.7.2-20.el7_1.1.x86_64.rpm available in any of the CentOS packages below?
CentOS 7.6 update: net-snmp-5.7.2-38.el7_6.2.x86_64.rpm
CentOS 7.7 net-snmp-5.7.2-43.el7.src.rpm
CentOS 8.0 net-snmp-5.8-7.el8_0.2.src.rpm
CentOS 8.1 net-snmp-5.8-12.el8_1.src.rpm
Re: Fix for net-snmp vulnerability CVE-2015-5621
The fix will be in all higher versions than the one it says the fix is in.
Re: Fix for net-snmp vulnerability CVE-2015-5621
Hi TrevoH,
As per our Security Team, the CentOS 7.6 version net-snmp-5.7.2-37.el7.x86_64 (which is even higher than the RHEL fix version net-snmp-5.7.2-20.el7_1.1.x86_64.rpm) is vulnerable.
That's why I'm a little confused about the fix version which we need to pick for CentOS.
Regards,
Srini
Re: Fix for net-snmp vulnerability CVE-2015-5621
Your security team is probably looking at just the banner reported by snmp which most likely just contains the major version 5.7.2. This is very common with vulnerability scanners and can be ignored.
Re: Fix for net-snmp vulnerability CVE-2015-5621
OK, got it. Thanks for the clarification.
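The two replies above (builds numbered higher than the fixed one carry the fix; a check that sees only 5.7.2 cannot tell builds apart) can be verified with RPM's version ordering. This is an added example, not part of the thread and not RPM's own code: a simplified Python reimplementation of RPM's segment comparison that leaves out epoch and `~`/`^` handling. The names `has_fix` and `upstream_only` and the pre-fix string `5.7.2-20.el7` are constructed for illustration.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way RPM does (simplified:
    '~' and '^' handling is omitted; the strings in this thread do not use them)."""
    if a == b:
        return 0
    seg = re.compile(r"[0-9]+|[A-Za-z]+")   # separators such as '.' and '_' are skipped
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):             # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, release breaks ties."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

FIXED = "5.7.2-20.el7_1.1"   # the build the thread names as carrying the fix
# Version-release strings of the CentOS packages quoted in the thread.
BUILDS = ["5.7.2-37.el7", "5.7.2-38.el7_6.2", "5.7.2-43.el7",
          "5.8-7.el8_0.2", "5.8-12.el8_1"]
PRE_FIX = "5.7.2-20.el7"     # constructed: a release string that sorts below FIXED

def has_fix(vr: str, fixed: str = FIXED) -> bool:
    """True when vr sorts at or above the build that carries the fix."""
    return compare_vr(vr, fixed) >= 0

def upstream_only(vr: str) -> str:
    """What a check limited to the upstream version sees: the release is dropped."""
    return vr.split("-", 1)[0]

if __name__ == "__main__":
    for vr in BUILDS + [PRE_FIX]:
        print(f"{vr:18} upstream={upstream_only(vr):6} at_or_above_fixed={has_fix(vr)}")
```

On a live system, `rpm -q --changelog net-snmp | grep CVE-2015-5621` shows whether the installed package's changelog mentions the CVE.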