[Full-disclosure] [ MDVSA-2008:225 ] net-snmp




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : net-snmp
Date : November 5, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A denial of service vulnerability was discovered in how Net-SNMP
processed GETBULK requests. A remote attacker with read access to
the SNMP server could issue a specially-crafted request which would
cause snmpd to crash (CVE-2008-4309).

Please note that for this to be successfully exploited, an attacker
must have read access to the SNMP server. By default, the public
community name grants read-only access, however it is recommended
that the default community name be changed in production.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
63c576c59db3887c9ff46aea999af904 2008.0/i586/libnet-snmp15-5.4.1-1.2mdv2008.0.i586.rpm
208783bde426bc2994b25eac38a2f6f6 2008.0/i586/libnet-snmp-devel-5.4.1-1.2mdv2008.0.i586.rpm
68d9b48a792253fcb647cb44b024fc6a 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.2mdv2008.0.i586.rpm
837f701fa84fbf24f866332d374baea0 2008.0/i586/net-snmp-5.4.1-1.2mdv2008.0.i586.rpm
6b8e3cde829e41e882a2bbde8f70e5c0 2008.0/i586/net-snmp-mibs-5.4.1-1.2mdv2008.0.i586.rpm
9c8d0a70cd23f49af617ebd950ab913b 2008.0/i586/net-snmp-trapd-5.4.1-1.2mdv2008.0.i586.rpm
27f9666d87ad5c63a170fa515c2cfb79 2008.0/i586/net-snmp-utils-5.4.1-1.2mdv2008.0.i586.rpm
fa774042539e5fa60662ea26cf5f79bb 2008.0/i586/perl-NetSNMP-5.4.1-1.2mdv2008.0.i586.rpm
62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
7862778bf4b9262707dae0101a051e84 2008.0/x86_64/lib64net-snmp15-5.4.1-1.2mdv2008.0.x86_64.rpm
907423d895272503d6684a7f14618a97 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
ba8972ac3af0a41754d7d830237be4a8 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
2f8efd6d1db501439a1da8b205c3ba4b 2008.0/x86_64/net-snmp-5.4.1-1.2mdv2008.0.x86_64.rpm
bd431f5a0c11b796223911463216d236 2008.0/x86_64/net-snmp-mibs-5.4.1-1.2mdv2008.0.x86_64.rpm
929e4b2e24137d0aed30e012d2cbee25 2008.0/x86_64/net-snmp-trapd-5.4.1-1.2mdv2008.0.x86_64.rpm
80679956f6b8e3f8095f1767d34cf7c7 2008.0/x86_64/net-snmp-utils-5.4.1-1.2mdv2008.0.x86_64.rpm
f8c2af7b036a33dbadf22498933c90b5 2008.0/x86_64/perl-NetSNMP-5.4.1-1.2mdv2008.0.x86_64.rpm
62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
aafe61f1aaaf2e13ef051fc1d7f5ab91 2008.1/i586/libnet-snmp15-5.4.1-5.2mdv2008.1.i586.rpm
c7f2b5e4d5955a12b4df0fbf82f38544 2008.1/i586/libnet-snmp-devel-5.4.1-5.2mdv2008.1.i586.rpm
f77c410069f938ae382fbee7012a349d 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.2mdv2008.1.i586.rpm
941b90ef50005b50829419575ab80ec1 2008.1/i586/net-snmp-5.4.1-5.2mdv2008.1.i586.rpm
d8d459f3213cb97b2708c37c787a7035 2008.1/i586/net-snmp-mibs-5.4.1-5.2mdv2008.1.i586.rpm
c753c1d4694d7b8c81f517c0c019accf 2008.1/i586/net-snmp-tkmib-5.4.1-5.2mdv2008.1.i586.rpm
69a0f39e0366cda18fb3cb7440adf2c8 2008.1/i586/net-snmp-trapd-5.4.1-5.2mdv2008.1.i586.rpm
825fe8ac0059480495d5f9f92b41775a 2008.1/i586/net-snmp-utils-5.4.1-5.2mdv2008.1.i586.rpm
61b88005dba39bdad7c18c2774fab3ed 2008.1/i586/perl-NetSNMP-5.4.1-5.2mdv2008.1.i586.rpm
1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
c4ddb52926754e188afa827365a9402d 2008.1/x86_64/lib64net-snmp15-5.4.1-5.2mdv2008.1.x86_64.rpm
b71406ffbf1fddbe11d4e23636015043 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
fbed296540545616ff8f248b32e7edf2 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
7e4f56fe2433fd5a80b3ec09ca801755 2008.1/x86_64/net-snmp-5.4.1-5.2mdv2008.1.x86_64.rpm
6275046a91fd1aea967f893720348f88 2008.1/x86_64/net-snmp-mibs-5.4.1-5.2mdv2008.1.x86_64.rpm
c05711a0a2a0b69652c6d19e3c883e01 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.2mdv2008.1.x86_64.rpm
012b8391c5c49432d270d247e39fa64a 2008.1/x86_64/net-snmp-trapd-5.4.1-5.2mdv2008.1.x86_64.rpm
d05bc5b73d566e16b76517fdd90f968d 2008.1/x86_64/net-snmp-utils-5.4.1-5.2mdv2008.1.x86_64.rpm
d37bc36bd7a861f71fce000319904387 2008.1/x86_64/perl-NetSNMP-5.4.1-5.2mdv2008.1.x86_64.rpm
1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
67a289261b50a6ec4bbb74503ff15860 2009.0/i586/libnet-snmp15-5.4.2-2.1mdv2009.0.i586.rpm
c0b057998d757e7988cac2276cc16d6a 2009.0/i586/libnet-snmp-devel-5.4.2-2.1mdv2009.0.i586.rpm
340271a223791169762e826744d1aab3 2009.0/i586/libnet-snmp-static-devel-5.4.2-2.1mdv2009.0.i586.rpm
4dad88af5b12b6001adc135e54a5f94c 2009.0/i586/net-snmp-5.4.2-2.1mdv2009.0.i586.rpm
41cc69981bd2dd2886f764f46a19c326 2009.0/i586/net-snmp-mibs-5.4.2-2.1mdv2009.0.i586.rpm
84ebcf44ee0d90e956d138ecafe7a9e0 2009.0/i586/net-snmp-tkmib-5.4.2-2.1mdv2009.0.i586.rpm
d9ff03f1bb268735f27d4e70e441675a 2009.0/i586/net-snmp-trapd-5.4.2-2.1mdv2009.0.i586.rpm
7d4891eb14e73c8f53cd7bee93dcab4b 2009.0/i586/net-snmp-utils-5.4.2-2.1mdv2009.0.i586.rpm
66d9db711d7064d6326c50414ffe945b 2009.0/i586/perl-NetSNMP-5.4.2-2.1mdv2009.0.i586.rpm
142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
d9b76860696183041c5431b28c133d79 2009.0/x86_64/lib64net-snmp15-5.4.2-2.1mdv2009.0.x86_64.rpm
3868b49eec570997ec1bce4603fdb5b1 2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
fde92f379f3e6f5d8e3cd307e0d3866d 2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
1265e20f1d23728a740ce3e23f6df279 2009.0/x86_64/net-snmp-5.4.2-2.1mdv2009.0.x86_64.rpm
e799c8dbd928539d2993f3a4268cf4fc 2009.0/x86_64/net-snmp-mibs-5.4.2-2.1mdv2009.0.x86_64.rpm
f34b37e106fe535c6262c0a20824cb71 2009.0/x86_64/net-snmp-tkmib-5.4.2-2.1mdv2009.0.x86_64.rpm
dc838be5485af308d3f560dd3dd23845 2009.0/x86_64/net-snmp-trapd-5.4.2-2.1mdv2009.0.x86_64.rpm
66be00a8327d9e0b9fcd4fb22829fd85 2009.0/x86_64/net-snmp-utils-5.4.2-2.1mdv2009.0.x86_64.rpm
b22b8c100f8b74be46f87cd9e33bdee3 2009.0/x86_64/perl-NetSNMP-5.4.2-2.1mdv2009.0.x86_64.rpm
142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm

Corporate 4.0:
e830fee5189a6d99235f8b5465cf1cf8 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.3.20060mlcs4.i586.rpm
a2b4e29f175d2f9cc0ad8709edbbbd87 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
741b5e8a9a8ecaf6f4a2d4849e45bd2f corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
94da62fa6bdc660c23e308111f73665e corporate/4.0/i586/net-snmp-5.2.1.2-5.3.20060mlcs4.i586.rpm
373a8f3e0bffea791d866c35dab6f2fa corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.i586.rpm
002e256aa1c2b0179894f0df8e10e70e corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.i586.rpm
23ccf736576e9002e84c09db16953ee6 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.i586.rpm
13dc4a180a0be9c5afe36168278ffdf3 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.i586.rpm
d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
7095df865e54764c051f10040b4de25d corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
96a8dbf8ec18e76e4fddf52b2d19b93d corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
9af9807629580025cc1cdaba78826153 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
91d6d06059463804ae085bf42a702132 corporate/4.0/x86_64/net-snmp-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
47e44f0f67b04eae0c63ab9fc6636f10 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
478577d14048824ef556371e43892f0e corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
2766c681f5366ac9e9bfa74ff7388bd5 corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
4ea12420b159bcecc5d7b2cef2bdeb8b corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJEdTsmqjQ0CJFipgRAk0yAJ91M1kRkgQqJovhGgIaofqwrLlWQgCglLwu
8ZyyTGYX15oaOsh4j4Mq4AU=
=qPXg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • [Full-disclosure] [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Full-Disclosure)
  • [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Full-Disclosure)
  • [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Bugtraq)
  • [ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities
    ... Dr S N Henson of the OpenSSL core team and Open Network Security ... Tavis Ormandy and Will Drewry of the Google Security Team discovered a ... Updated packages are patched to address these issues. ... Mandriva Linux 2006.0/X86_64: ...
    (Bugtraq)