Message-Id: <E1Kxp0q-0002aw-DP@titan.mandriva.com>
Date: Wed, 05 Nov 2008 13:30:00 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:225 ] net-snmp


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:225
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : net-snmp
 Date    : November 5, 2008
 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A denial of service vulnerability was discovered in how Net-SNMP
 processed GETBULK requests.  A remote attacker with read access to
 the SNMP server could issue a specially-crafted request which would
 cause snmpd to crash (CVE-2008-4309).
 
 Please note that for this to be successfully exploited, an attacker
 must have read access to the SNMP server.  By default, the public
 community name grants read-only access; however, it is recommended
 that the default community name be changed in production.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 63c576c59db3887c9ff46aea999af904  2008.0/i586/libnet-snmp15-5.4.1-1.2mdv2008.0.i586.rpm
 208783bde426bc2994b25eac38a2f6f6  2008.0/i586/libnet-snmp-devel-5.4.1-1.2mdv2008.0.i586.rpm
 68d9b48a792253fcb647cb44b024fc6a  2008.0/i586/libnet-snmp-static-devel-5.4.1-1.2mdv2008.0.i586.rpm
 837f701fa84fbf24f866332d374baea0  2008.0/i586/net-snmp-5.4.1-1.2mdv2008.0.i586.rpm
 6b8e3cde829e41e882a2bbde8f70e5c0  2008.0/i586/net-snmp-mibs-5.4.1-1.2mdv2008.0.i586.rpm
 9c8d0a70cd23f49af617ebd950ab913b  2008.0/i586/net-snmp-trapd-5.4.1-1.2mdv2008.0.i586.rpm
 27f9666d87ad5c63a170fa515c2cfb79  2008.0/i586/net-snmp-utils-5.4.1-1.2mdv2008.0.i586.rpm
 fa774042539e5fa60662ea26cf5f79bb  2008.0/i586/perl-NetSNMP-5.4.1-1.2mdv2008.0.i586.rpm 
 62fd3d953786bb45cc442069a9dbae14  2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 7862778bf4b9262707dae0101a051e84  2008.0/x86_64/lib64net-snmp15-5.4.1-1.2mdv2008.0.x86_64.rpm
 907423d895272503d6684a7f14618a97  2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
 ba8972ac3af0a41754d7d830237be4a8  2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
 2f8efd6d1db501439a1da8b205c3ba4b  2008.0/x86_64/net-snmp-5.4.1-1.2mdv2008.0.x86_64.rpm
 bd431f5a0c11b796223911463216d236  2008.0/x86_64/net-snmp-mibs-5.4.1-1.2mdv2008.0.x86_64.rpm
 929e4b2e24137d0aed30e012d2cbee25  2008.0/x86_64/net-snmp-trapd-5.4.1-1.2mdv2008.0.x86_64.rpm
 80679956f6b8e3f8095f1767d34cf7c7  2008.0/x86_64/net-snmp-utils-5.4.1-1.2mdv2008.0.x86_64.rpm
 f8c2af7b036a33dbadf22498933c90b5  2008.0/x86_64/perl-NetSNMP-5.4.1-1.2mdv2008.0.x86_64.rpm 
 62fd3d953786bb45cc442069a9dbae14  2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 aafe61f1aaaf2e13ef051fc1d7f5ab91  2008.1/i586/libnet-snmp15-5.4.1-5.2mdv2008.1.i586.rpm
 c7f2b5e4d5955a12b4df0fbf82f38544  2008.1/i586/libnet-snmp-devel-5.4.1-5.2mdv2008.1.i586.rpm
 f77c410069f938ae382fbee7012a349d  2008.1/i586/libnet-snmp-static-devel-5.4.1-5.2mdv2008.1.i586.rpm
 941b90ef50005b50829419575ab80ec1  2008.1/i586/net-snmp-5.4.1-5.2mdv2008.1.i586.rpm
 d8d459f3213cb97b2708c37c787a7035  2008.1/i586/net-snmp-mibs-5.4.1-5.2mdv2008.1.i586.rpm
 c753c1d4694d7b8c81f517c0c019accf  2008.1/i586/net-snmp-tkmib-5.4.1-5.2mdv2008.1.i586.rpm
 69a0f39e0366cda18fb3cb7440adf2c8  2008.1/i586/net-snmp-trapd-5.4.1-5.2mdv2008.1.i586.rpm
 825fe8ac0059480495d5f9f92b41775a  2008.1/i586/net-snmp-utils-5.4.1-5.2mdv2008.1.i586.rpm
 61b88005dba39bdad7c18c2774fab3ed  2008.1/i586/perl-NetSNMP-5.4.1-5.2mdv2008.1.i586.rpm 
 1f73d4a19a2a0a159cdf4d1058ce17f2  2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 c4ddb52926754e188afa827365a9402d  2008.1/x86_64/lib64net-snmp15-5.4.1-5.2mdv2008.1.x86_64.rpm
 b71406ffbf1fddbe11d4e23636015043  2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
 fbed296540545616ff8f248b32e7edf2  2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
 7e4f56fe2433fd5a80b3ec09ca801755  2008.1/x86_64/net-snmp-5.4.1-5.2mdv2008.1.x86_64.rpm
 6275046a91fd1aea967f893720348f88  2008.1/x86_64/net-snmp-mibs-5.4.1-5.2mdv2008.1.x86_64.rpm
 c05711a0a2a0b69652c6d19e3c883e01  2008.1/x86_64/net-snmp-tkmib-5.4.1-5.2mdv2008.1.x86_64.rpm
 012b8391c5c49432d270d247e39fa64a  2008.1/x86_64/net-snmp-trapd-5.4.1-5.2mdv2008.1.x86_64.rpm
 d05bc5b73d566e16b76517fdd90f968d  2008.1/x86_64/net-snmp-utils-5.4.1-5.2mdv2008.1.x86_64.rpm
 d37bc36bd7a861f71fce000319904387  2008.1/x86_64/perl-NetSNMP-5.4.1-5.2mdv2008.1.x86_64.rpm 
 1f73d4a19a2a0a159cdf4d1058ce17f2  2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 67a289261b50a6ec4bbb74503ff15860  2009.0/i586/libnet-snmp15-5.4.2-2.1mdv2009.0.i586.rpm
 c0b057998d757e7988cac2276cc16d6a  2009.0/i586/libnet-snmp-devel-5.4.2-2.1mdv2009.0.i586.rpm
 340271a223791169762e826744d1aab3  2009.0/i586/libnet-snmp-static-devel-5.4.2-2.1mdv2009.0.i586.rpm
 4dad88af5b12b6001adc135e54a5f94c  2009.0/i586/net-snmp-5.4.2-2.1mdv2009.0.i586.rpm
 41cc69981bd2dd2886f764f46a19c326  2009.0/i586/net-snmp-mibs-5.4.2-2.1mdv2009.0.i586.rpm
 84ebcf44ee0d90e956d138ecafe7a9e0  2009.0/i586/net-snmp-tkmib-5.4.2-2.1mdv2009.0.i586.rpm
 d9ff03f1bb268735f27d4e70e441675a  2009.0/i586/net-snmp-trapd-5.4.2-2.1mdv2009.0.i586.rpm
 7d4891eb14e73c8f53cd7bee93dcab4b  2009.0/i586/net-snmp-utils-5.4.2-2.1mdv2009.0.i586.rpm
 66d9db711d7064d6326c50414ffe945b  2009.0/i586/perl-NetSNMP-5.4.2-2.1mdv2009.0.i586.rpm 
 142a9d0f6b5b895e50c93f66dd112459  2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d9b76860696183041c5431b28c133d79  2009.0/x86_64/lib64net-snmp15-5.4.2-2.1mdv2009.0.x86_64.rpm
 3868b49eec570997ec1bce4603fdb5b1  2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
 fde92f379f3e6f5d8e3cd307e0d3866d  2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
 1265e20f1d23728a740ce3e23f6df279  2009.0/x86_64/net-snmp-5.4.2-2.1mdv2009.0.x86_64.rpm
 e799c8dbd928539d2993f3a4268cf4fc  2009.0/x86_64/net-snmp-mibs-5.4.2-2.1mdv2009.0.x86_64.rpm
 f34b37e106fe535c6262c0a20824cb71  2009.0/x86_64/net-snmp-tkmib-5.4.2-2.1mdv2009.0.x86_64.rpm
 dc838be5485af308d3f560dd3dd23845  2009.0/x86_64/net-snmp-trapd-5.4.2-2.1mdv2009.0.x86_64.rpm
 66be00a8327d9e0b9fcd4fb22829fd85  2009.0/x86_64/net-snmp-utils-5.4.2-2.1mdv2009.0.x86_64.rpm
 b22b8c100f8b74be46f87cd9e33bdee3  2009.0/x86_64/perl-NetSNMP-5.4.2-2.1mdv2009.0.x86_64.rpm 
 142a9d0f6b5b895e50c93f66dd112459  2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm

 Corporate 4.0:
 e830fee5189a6d99235f8b5465cf1cf8  corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.3.20060mlcs4.i586.rpm
 a2b4e29f175d2f9cc0ad8709edbbbd87  corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
 741b5e8a9a8ecaf6f4a2d4849e45bd2f  corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
 94da62fa6bdc660c23e308111f73665e  corporate/4.0/i586/net-snmp-5.2.1.2-5.3.20060mlcs4.i586.rpm
 373a8f3e0bffea791d866c35dab6f2fa  corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.i586.rpm
 002e256aa1c2b0179894f0df8e10e70e  corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.i586.rpm
 23ccf736576e9002e84c09db16953ee6  corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.i586.rpm
 13dc4a180a0be9c5afe36168278ffdf3  corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.i586.rpm 
 d9cfd05c0de2b6891761627579ccc1d8  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7095df865e54764c051f10040b4de25d  corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 96a8dbf8ec18e76e4fddf52b2d19b93d  corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 9af9807629580025cc1cdaba78826153  corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 91d6d06059463804ae085bf42a702132  corporate/4.0/x86_64/net-snmp-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 47e44f0f67b04eae0c63ab9fc6636f10  corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 478577d14048824ef556371e43892f0e  corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 2766c681f5366ac9e9bfa74ff7388bd5  corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
 4ea12420b159bcecc5d7b2cef2bdeb8b  corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 
 d9cfd05c0de2b6891761627579ccc1d8  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJEdTsmqjQ0CJFipgRAk0yAJ91M1kRkgQqJovhGgIaofqwrLlWQgCglLwu
8ZyyTGYX15oaOsh4j4Mq4AU=
=qPXg
-----END PGP SIGNATURE-----
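
The advisory notes that exploitation requires read access and recommends changing the default community name. The script below is an added example, not part of the Mandriva advisory or of Net-SNMP: it lists snmpd.conf access lines that still use a default community name, with the source each one is open to. The function names, the sample configuration, and the inclusion of "private" alongside "public" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report snmpd.conf access lines that
# still use a default community name, the access CVE-2008-4309 depends on.

# audit_snmpd_conf [FILE]
# Reads FILE (or stdin) and prints one finding per line as
#   LINENO:DIRECTIVE:COMMUNITY:SOURCE
# SOURCE "default" means the community is accepted from any host.
audit_snmpd_conf() {
    awk '
    function report(dir, comm, src) {
        # "public" is named in the advisory; "private" is an assumed addition.
        if (comm == "public" || comm == "private")
            printf "%d:%s:%s:%s\n", NR, dir, comm, src
    }
    /^[ \t]*#/ { next }   # comment line
    NF == 0    { next }   # blank line
    # rocommunity / rwcommunity (and the 6 variants): COMMUNITY [SOURCE [OID]]
    $1 ~ /^r[ow]community6?$/ {
        report($1, $2, ($3 == "" ? "default" : $3))
        next
    }
    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 == "com2sec" {
        i = ($2 == "-Cn") ? 4 : 2      # field index of SECNAME
        report($1, $(i + 2), $(i + 1))
        next
    }
    ' "${1:--}"
}

# Constructed sample configuration, used only to demonstrate the audit.
sample_conf() {
    cat <<'EOF'
# sample snmpd.conf (constructed)
rocommunity public
rocommunity s3cr3t-ro 192.0.2.0/24
com2sec notConfigUser default public
com2sec -Cn ctx1 mgmt 198.51.100.7 private
rwcommunity6 ops-rw 2001:db8::/32
EOF
}

# Demo run on the constructed sample; pass a real path to audit a host.
sample_conf | audit_snmpd_conf
```

A finding whose SOURCE is "default" is the case the advisory describes: any remote host that knows the community name has the read access the GETBULK crash requires.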
