lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070502153659.GE20826@outflux.net>
Date: Wed, 2 May 2007 08:36:59 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-456-1] net-snmp vulnerability

=========================================================== 
Ubuntu Security Notice USN-456-1               May 02, 2007
net-snmp vulnerability
CVE-2005-4837
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  snmpd                                    5.2.1.2-4ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The SNMP service did not correctly handle TCP disconnects.  Remote 
subagents could cause a denial of service if they dropped a connection 
at a specific time.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.diff.gz
      Size/MD5:    71936 2a4cb9c1f800080e5e2374f3f84b8d7a
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.dsc
      Size/MD5:      792 2855b4bf1c6d5fdda432999b3e7c7533
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
      Size/MD5:  3869893 34159770a7fe418d99fdd416a75358b1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:  1151640 e40129b2a40d0efe2644207776152c98
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:   822598 b768bdd2b9f4417925b4b3efb3d4edcb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   896164 855871a700bfa3655ac3a10118cb69e6
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1496678 398e8f61079aff0fba54135322812d36
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1825690 fb3b45a844420bc93c0c1ea7aec1b6c8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   888946 2ddf1fd336891d925c05c093620c6755
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   796756 90b141201184e1f01ab9ff0e1b4f3612

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   896372 eac0a7df274971ba80b1dd669c0f0ec8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1267600 b52a5f612636a6d2ba77efe7da2fb864
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1709432 cb84264a9581bcbb2093280924d2036f
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   881478 4d9bc662c8ecab47b484c33765b24a55
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   794300 aeaf12afa90adbe6466e1f14ac3a81e7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   912514 2af054816148762b77a561655944b2b8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1589090 f00c4b7f21855f7862864bf51b898569
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1727216 7a982cc48199b22df04cb84f1fc5f217
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   898250 75a7b6278614c10ab1967a689f00a6e1
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   795666 449405c93bf2c822694c51c09112cf6c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   896380 8d9bced826d6097c92b056fba5651cec
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1485066 fff34136dd9ef3ccb9fa43d58cb8f31c
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1705908 95015429b477368287651682622c12ff
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   882846 223f74ba12b6374e8c79c9b05b3f7a9e
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   796020 af0197bc714b9a1bf0ad240d208ee497


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ