[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100602203057.GB6554@outflux.net>
Date: Wed, 2 Jun 2010 13:30:57 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-946-1] Net-SNMP vulnerability
===========================================================
Ubuntu Security Notice USN-946-1 June 02, 2010
net-snmp vulnerability
CVE-2008-6123
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1
In general, a standard system update will make all the necessary changes.
Details follow:
The SNMP server did not correctly validate certain UDP clients when using
TCP wrappers. Under some situations, a remote attacker could bypass
access restrictions and communicate with the SNMP server, potentially
leading to a loss of privacy or a denial of service.
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1.diff.gz
Size/MD5: 50255 029256b1a7e3dfc888973b3199fc4cae
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1.dsc
Size/MD5: 1914 bc412bb0a72b617ca9024e406fbb2afb
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1.orig.tar.gz
Size/MD5: 4629563 cf417b0efce82a852b6bf580932abd30
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_all.deb
Size/MD5: 1334534 1727057ca12e53c62341f40ad5c2f715
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_all.deb
Size/MD5: 961194 d2f6f4fcae5c1a2e13f94a71474330e6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 1821534 1f63a26a9442e80ea642c79c994325c9
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 145272 4fb87b4072498a6bc8ed9d459b28a0cc
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 1531046 a9a557c93996743685467872e8daf27c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 2178134 917bf64afba3961074a9acaacb7deabf
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 1035850 08a4efe23061921b8e31e7a44a6e7b42
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 953198 0b55e8ebe0d0cb817f35ac215863ae51
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
Size/MD5: 896436 fe7b9769d047531a1a023846bf2473fa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 1576112 6e3ff9cae32dbaa3df6b68a67ffcfcf0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 142000 f541888c1f926269e7d84282043457be
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 1530056 77c4e2bc96802bb256b07d1b10b7acd5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 2057450 94dcc771caef32458d80928f38c670a3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 1026320 7bc92b1f6d0ff3aeed09e4415416c4af
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 949472 ebbc700be30b0c11e93368850ec62f75
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
Size/MD5: 895424 6826be9b31d4f135869de1fde300476c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 1910436 110e0536e0b44d83ef5a9b474d2c1806
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 146512 942b19acb68679ada9676d061bd547da
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 1574948 ad736ea8604e01f02825b12c8c43bf87
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 2114854 2f044cc3b6fc0be85e412fa7d4c7a480
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 1030402 e1813a035ca31cc9fa5856ee571b6a57
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 950300 074a5279f56ed513cba85a7f675c5604
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
Size/MD5: 896144 89ecf0967a05fd9eb822634742a7e551
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 1804950 cb4b6465b5708f30d5bc13f796f26249
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 138236 22e9cffa177820f548e0a33a5a5e281c
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 1403642 be2d9ddf617e18b4fb1bf3d4a56670e7
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 2072232 4b4c74cd693ceccb382aa1c76890676c
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 1034014 232cf7a6c0f838aa40edf6ac659a748a
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 952498 c03e906338d5f8923bb2358defa5e1d1
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
Size/MD5: 896602 71ecde10a5577ee3ad08e7bfb59883b1
Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists