[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051121110743.GA1608@piware.de>
Date: Mon Nov 21 11:07:45 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-190-2] ucs-snmp vulnerability
===========================================================
Ubuntu Security Notice USN-190-2 November 21, 2005
ucd-snmp vulnerability
CVE-2005-2177
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libsnmp4.2
The problem can be corrected by upgrading the affected package to
version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04
(for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a
standard system upgrade you need to restart the cyrus email
server with
/etc/init.d/cyrus21 restart
(with root privileges, e. g. with using sudo).
Details follow:
USN-190-1 fixed a vulnerability in the net-snmp library. It was
discovered that the same problem also affects the ucs-snmp
implementation (which is used by the Cyrus email server).
Original advisory:
A remote Denial of Service has been discovered in the SMNP (Simple
Network Management Protocol) library. If a SNMP agent uses TCP sockets
for communication, a malicious SNMP server could exploit this to crash
the agent. Please note that by default SNMP uses UDP sockets.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz
Size/MD5: 69622 5861e6945830eacba4c2094c94699aaf
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc
Size/MD5: 779 4cbc553d37af0c9db4a9c6d1471547c0
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 528770 ea77ab507ff3c90d4334e0dbaefbcfc6
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 648804 7922cb95648180a9e1d7a4d07af84523
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 457638 5af1620e60bc63d7d58c801c599a6fb4
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 624278 4c2e603b958d7fd5ca4005a8d68cfaef
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 601122 9bbcd21251c92c8244158d3ef2893b5d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 615504 b4510e4e2eb589246c3e6ab9d3d2cbbc
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz
Size/MD5: 69622 1f2f355dcc1d8a74740c75c336c7d64f
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc
Size/MD5: 779 108154374c1784cd2a4372053773bd07
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 528818 bbca4da8fd1dfdfdd75f421ebe7e7b95
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 648844 36f2c9547e261603317c1b87d8e528a5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 458084 d51dc298a88baa36c07aab3ca57a27dc
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 624800 80ddcb36a6597c811eb793f965e7b34f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 601120 b837c24ba5e35fd876e10d20ffc3b72b
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 615470 8739aefd6ccee20d2deacd3b0b0c0fb2
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz
Size/MD5: 69879 6ef2cb3af6867a1456b473088261cc93
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc
Size/MD5: 774 e9be486552af55a156c37d82b8e5934d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 551274 d75072859288156d876eb61ec0b1d9b9
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 663934 7f7ca12df144769d40dd1168fc36c679
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 465532 2669a212a3b23706f725e5d95167e143
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 619630 bddb573c1ffb88c5d722b91f27102a07
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 589426 02710f1b81d7406f246a56e5332600ac
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 628922 e6048dcafdfbda76fe3efa91fe78324b
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051121/2ac28f11/attachment.bin
Powered by blists - more mailing lists