Dear Net-SNMP Users support group,
It is our business requirement to monitor a SafeNet HSM Luna G5 device
using SNMP which only support the AgentX protocol. We are going to use
NET-SNMP for this important task. Also, our security team allows only the
latest version of NET-SNMP (i.e. Ver 5.7.x.x) to be installed on our
production environment due to the fact that it exposed to least security
vulnerability. However, our server where the HSM device are connected is a
Windows server 2012 R2 64-bits host. It seems that we can only found a
32-bit version of Net-SNMP 5.7 windows binary available and when we tried
to install it on our 64-bit windows 2012 box, it clearly stated that the
NET-SNMP Service will not be able to start. Our question is as follows:
1) Can anyone provide a link or location of the NET-SNMP 5.7.X 64-bit
windows binary ?
2) NET-SNMP 5.5 64-bit is available but this version is vulnerable to TWO
vulnerabilities :
a) CVE-2014-3565 <http://www.cvedetails.com/cve/CVE-2014-3565/> - when the
-OQ option is used, allows remote attackers to cause a denial of service
(snmptrapd crash) via a crafted SNMP trap message, which triggers a
conversion to the variable type designated in the MIB file, as demonstrated
by a NULL type in an ifMtu trap message.
b) CVE-2012-6151 <http://www.cvedetails.com/cve/CVE-2012-6151/>
when AgentX is registering to handle a MIB and processing GETNEXT requests,
allows remote attackers to cause a denial of service (crash or infinite
loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
It seems that the vulnerabilities updates is only applicable to Linux/Unix
platform only and we would like to know where can we found the Fix Patch
for windows 64-bit platform ?
Highly appreciated your kind advance in advance.
Thanks & Regards
Patrick
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
