lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20051121110743.GA1608@piware.de>
Date: Mon, 21 Nov 2005 12:07:43 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-190-2] ucs-snmp vulnerability

===========================================================
Ubuntu Security Notice USN-190-2	  November 21, 2005
ucd-snmp vulnerability
CVE-2005-2177
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsnmp4.2

The problem can be corrected by upgrading the affected package to
version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04
(for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10).  After a
standard system upgrade you need to restart the cyrus email
server with

  /etc/init.d/cyrus21 restart

  (with root privileges, e. g. with using sudo).

Details follow:

USN-190-1 fixed a vulnerability in the net-snmp library. It was
discovered that the same problem also affects the ucs-snmp
implementation (which is used by the Cyrus email server).

Original advisory:

  A remote Denial of Service has been discovered in the SMNP (Simple
  Network Management Protocol) library. If a SNMP agent uses TCP sockets
  for communication, a malicious SNMP server could exploit this to crash
  the agent. Please note that by default SNMP uses UDP sockets.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz
      Size/MD5:    69622 5861e6945830eacba4c2094c94699aaf
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc
      Size/MD5:      779 4cbc553d37af0c9db4a9c6d1471547c0
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
      Size/MD5:  1707471 615e0b1e760cbb8c63b5392fe2d04b14

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb
      Size/MD5:   528770 ea77ab507ff3c90d4334e0dbaefbcfc6
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb
      Size/MD5:   648804 7922cb95648180a9e1d7a4d07af84523

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb
      Size/MD5:   457638 5af1620e60bc63d7d58c801c599a6fb4
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb
      Size/MD5:   624278 4c2e603b958d7fd5ca4005a8d68cfaef

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb
      Size/MD5:   601122 9bbcd21251c92c8244158d3ef2893b5d
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb
      Size/MD5:   615504 b4510e4e2eb589246c3e6ab9d3d2cbbc

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz
      Size/MD5:    69622 1f2f355dcc1d8a74740c75c336c7d64f
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc
      Size/MD5:      779 108154374c1784cd2a4372053773bd07
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
      Size/MD5:  1707471 615e0b1e760cbb8c63b5392fe2d04b14

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb
      Size/MD5:   528818 bbca4da8fd1dfdfdd75f421ebe7e7b95
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb
      Size/MD5:   648844 36f2c9547e261603317c1b87d8e528a5

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb
      Size/MD5:   458084 d51dc298a88baa36c07aab3ca57a27dc
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb
      Size/MD5:   624800 80ddcb36a6597c811eb793f965e7b34f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb
      Size/MD5:   601120 b837c24ba5e35fd876e10d20ffc3b72b
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb
      Size/MD5:   615470 8739aefd6ccee20d2deacd3b0b0c0fb2

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz
      Size/MD5:    69879 6ef2cb3af6867a1456b473088261cc93
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc
      Size/MD5:      774 e9be486552af55a156c37d82b8e5934d
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
      Size/MD5:  1707471 615e0b1e760cbb8c63b5392fe2d04b14

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb
      Size/MD5:   551274 d75072859288156d876eb61ec0b1d9b9
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb
      Size/MD5:   663934 7f7ca12df144769d40dd1168fc36c679

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb
      Size/MD5:   465532 2669a212a3b23706f725e5d95167e143
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb
      Size/MD5:   619630 bddb573c1ffb88c5d722b91f27102a07

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb
      Size/MD5:   589426 02710f1b81d7406f246a56e5332600ac
    http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb
      Size/MD5:   628922 e6048dcafdfbda76fe3efa91fe78324b

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ