lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1EUpk8-000p6FC@finlandia.Infodrom.North.DE>
Date: Wed Oct 26 19:17:29 2005
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 873-1] New net-snmp packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 873-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 26th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : net-snmp
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2177
BugTraq ID     : 14168

A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent's that
have opened a stream based protocol (eg TCP but not UDP).  By default,
Net-SNMP does not open a TCP port.

The old stable distribution (woody) does not contain a net-snmp package.

For the stable distribution (sarge) this problem has been fixed in
version 5.1.2-6.2.

For the unstable distribution (sid) this problem has been fixed in
version 5.2.1.2-1.

We recommend that you upgrade your net-snmp package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.dsc
      Size/MD5 checksum:      794 0aa985327e01703ee88e9c9fc63dcccb
    http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.diff.gz
      Size/MD5 checksum:    67941 80b50ece9798c3634843213632ea8b53
    http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2.orig.tar.gz
      Size/MD5 checksum:  3253579 8080555ab3f90011f25d5122042d9a8d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.1.2-6.2_all.deb
      Size/MD5 checksum:  1005346 9f09bd5325ecb399a6b8b8b4c74e409e
    http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.1.2-6.2_all.deb
      Size/MD5 checksum:   754688 5c84a39f4fb06e9ffae0c693b4e6c1fe

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_alpha.deb
      Size/MD5 checksum:   818316 c130066a195f6061032c039dbb70f4c6
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_alpha.deb
      Size/MD5 checksum:  1579716 b35f6363a539100eb8a32cdee143c4b5
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_alpha.deb
      Size/MD5 checksum:  1647842 99a7926ca98e85e3f8742dfc7a46b880
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_alpha.deb
      Size/MD5 checksum:   820826 8645dbb814fee32fd4dba772806b4e7d
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_alpha.deb
      Size/MD5 checksum:   733324 0d1113f65055b9802b1f0db33bf8566c

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_amd64.deb
      Size/MD5 checksum:   815302 8b739d0e928cbed3d4e5fc30df4dd26d
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_amd64.deb
      Size/MD5 checksum:  1553650 907b6ad8b395b2167ed07331d9ae88b1
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_amd64.deb
      Size/MD5 checksum:  1184882 fd9f8a3c36a0573737d2856e70be4b55
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_amd64.deb
      Size/MD5 checksum:   815620 073e011929c866ea6793852c48822f38
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_amd64.deb
      Size/MD5 checksum:   731774 aa783fcf78888d5379c80cadfecba92f

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_arm.deb
      Size/MD5 checksum:   811116 7c0db64010705b24094b04cb697c21ae
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_arm.deb
      Size/MD5 checksum:  1477848 0072b62e6a873a7bca251a5a7b1a4ac6
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_arm.deb
      Size/MD5 checksum:  1120060 5d51cd366d5497c549c95d81233820cb
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_arm.deb
      Size/MD5 checksum:   810168 1e2aaa41d86cbf1d3455cc3ad1e9246e
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_arm.deb
      Size/MD5 checksum:   730678 4da842f3e4c7820b6994dbaa4ce9464c

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_i386.deb
      Size/MD5 checksum:   818878 b3b728436c0d24dd71cae4c745d78d69
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_i386.deb
      Size/MD5 checksum:  1531948 64e0d4d60e1ec437c0693cd80ab5652d
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_i386.deb
      Size/MD5 checksum:  1100052 a86f8867983efe3eaf2ae2c0a529fcd7
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_i386.deb
      Size/MD5 checksum:   811618 6939d4e93c77a9da325a1558d0b1c492
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_i386.deb
      Size/MD5 checksum:   730514 a31ff071dc8dc2406f60d8c9fc4f8a74

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_ia64.deb
      Size/MD5 checksum:   846348 9902935d551e5eec1aaefdb2689bc1ba
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_ia64.deb
      Size/MD5 checksum:  1780724 eb6b2eb4ba43a0a0bcb99cdd51b2e4e8
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_ia64.deb
      Size/MD5 checksum:  1584452 caa05c744a6ce901def3aefa11347302
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_ia64.deb
      Size/MD5 checksum:   838818 a59fd105fb8b839031eacc1faf3410a4
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_ia64.deb
      Size/MD5 checksum:   737976 22069dd21aab422a67ca368dc7537aa4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_hppa.deb
      Size/MD5 checksum:   829624 8d8d43de36f2846f0f4c689eafc239d1
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_hppa.deb
      Size/MD5 checksum:  1604876 1f5fc833c478b0e737d89a86b69bf6a0
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_hppa.deb
      Size/MD5 checksum:  1368226 d77ce1656b2f5f1c09bd98aeb17bb354
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_hppa.deb
      Size/MD5 checksum:   824466 8a1f5d695a218655932180b3f8e3b49c
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_hppa.deb
      Size/MD5 checksum:   733168 1c894d59e8d8cad67210b22049c55338

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_m68k.deb
      Size/MD5 checksum:   811308 675071b60bf7604029d3b9bb7f9d7fa7
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_m68k.deb
      Size/MD5 checksum:  1437126 f72bf3101dff7666764144e067c222b4
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_m68k.deb
      Size/MD5 checksum:   996514 d65a43ee4d13f7d8b2e60fcd79bc1a46
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_m68k.deb
      Size/MD5 checksum:   804982 c401927b09c0ee5c79727bebefcbb026
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_m68k.deb
      Size/MD5 checksum:   730252 1c91b25ab5926d6da868aa9b4bf84fd4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mips.deb
      Size/MD5 checksum:   784884 fa5d5b971d96c5188aed859eba805eb4
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mips.deb
      Size/MD5 checksum:  1413338 1232a5281e48c703c99cabc5ea8777a5
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mips.deb
      Size/MD5 checksum:  1312878 d3dd3cd33fef646b53c1e5f5e93ee788
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mips.deb
      Size/MD5 checksum:   832678 3eda8f1830383293eba823cf984d15d5
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mips.deb
      Size/MD5 checksum:   731444 3c50ceaea9bd62bce4eb4c5fb2bb0678

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mipsel.deb
      Size/MD5 checksum:   784866 a2bab5ddee0ec91f396422f0fd0133ee
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mipsel.deb
      Size/MD5 checksum:  1418510 ba607a78662d2294d82c7425e804f3d1
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mipsel.deb
      Size/MD5 checksum:  1273102 66daf0e381d18f91ddfd738243339b85
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mipsel.deb
      Size/MD5 checksum:   832708 3f4362c2c82fea024e2b14c3722b2351
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mipsel.deb
      Size/MD5 checksum:   731292 5c06ed6b9b380e2cf88e14f900f0d634

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_powerpc.deb
      Size/MD5 checksum:   832410 367a1322826f11ef9dcbdc0c2a555a4b
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_powerpc.deb
      Size/MD5 checksum:  1484164 0489fb05721749be8a77c3b6be7b6814
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_powerpc.deb
      Size/MD5 checksum:  1322578 4c3972bc7d19a25863efd7fc20447363
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_powerpc.deb
      Size/MD5 checksum:   824460 80aa5fe58c0d357bfcdea1e6568889d1
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_powerpc.deb
      Size/MD5 checksum:   731674 94282339ba881ba28c2f06a84dab01e9

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_s390.deb
      Size/MD5 checksum:   793848 a76fffb4dcb478b9ab2a6a304dce5667
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_s390.deb
      Size/MD5 checksum:  1480932 a81f9fbb32fc486ba92bac8ed84f3abd
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_s390.deb
      Size/MD5 checksum:  1077868 fcf7d1957102b26ea3a8fa9c70b305e5
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_s390.deb
      Size/MD5 checksum:   814068 cee89d4ce9dce6cb508e608ad8718796
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_s390.deb
      Size/MD5 checksum:   731410 9f59b5a7ce92d38560b5c529fd134473

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_sparc.deb
      Size/MD5 checksum:   813492 8a2bcbc7c3ac29a7de6ab08f1e23a554
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_sparc.deb
      Size/MD5 checksum:  1484394 4386034ab461611e28beaefa2acc237c
    http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_sparc.deb
      Size/MD5 checksum:  1198292 460d4253893dfd4e87a015427a95cb08
    http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_sparc.deb
      Size/MD5 checksum:   809826 d1b38721fae2ebc880cef0703d7d4d68
    http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_sparc.deb
      Size/MD5 checksum:   730608 26961f57a7aa5fed6a04813b7627531f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDX8bHW5ql+IAeqTIRAv8EAJ9dOXX+SuYPVnHQbUQhd176V5DGewCglfyJ
pHyXmMzmExE5Fn3NIYf+vuw=
=mtjW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ