[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Shijp-0002JV-Fr@titan.mandriva.com>
Date: Thu, 21 Jun 2012 16:52:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:099 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:099
http://www.mandriva.com/security/
_______________________________________________________________________
Package : net-snmp
Date : June 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in net-snmp:
An array index error, leading to out-of heap-based buffer read flaw
was found in the way net-snmp agent performed entries lookup in the
extension table. When certain MIB subtree was handled by the extend
directive, a remote attacker having read privilege to the subtree could
use this flaw to cause a denial of service (snmpd crash) via SNMP GET
request involving a non-existent extension table entry (CVE-2012-2141).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
549a715a24b4cfed186201abb88ab4c1 2010.1/i586/libnet-snmp20-5.5-7.1mdv2010.2.i586.rpm
dffee731e289b4c338c02ad8c85a0312 2010.1/i586/libnet-snmp-devel-5.5-7.1mdv2010.2.i586.rpm
ab2d140c9e9ee6a3ca05df9e4a1e65cb 2010.1/i586/libnet-snmp-static-devel-5.5-7.1mdv2010.2.i586.rpm
a78a283445d42add9164081350cb2e79 2010.1/i586/net-snmp-5.5-7.1mdv2010.2.i586.rpm
af747c2cd184b9cd0071320b71e23d62 2010.1/i586/net-snmp-mibs-5.5-7.1mdv2010.2.i586.rpm
1703166df266d466ee5ebd1e3e42152f 2010.1/i586/net-snmp-tkmib-5.5-7.1mdv2010.2.i586.rpm
4416385214616480e1a703430de0160d 2010.1/i586/net-snmp-trapd-5.5-7.1mdv2010.2.i586.rpm
ec6325d9778014907cd3f30a31a02791 2010.1/i586/net-snmp-utils-5.5-7.1mdv2010.2.i586.rpm
38e51b57e5d9d03edb6ea01545d3bc25 2010.1/i586/perl-NetSNMP-5.5-7.1mdv2010.2.i586.rpm
901eeb7abf12be68bc3a24f76cbad087 2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
568bdf766fd52583fe8793d55cfbc40a 2010.1/x86_64/lib64net-snmp20-5.5-7.1mdv2010.2.x86_64.rpm
fbdd5492d01aa88de15f63dea689258b 2010.1/x86_64/lib64net-snmp-devel-5.5-7.1mdv2010.2.x86_64.rpm
2b234ec4b01f31adfbb3d5b77879fdfe 2010.1/x86_64/lib64net-snmp-static-devel-5.5-7.1mdv2010.2.x86_64.rpm
619b92ffd07067994be02fde7528f951 2010.1/x86_64/net-snmp-5.5-7.1mdv2010.2.x86_64.rpm
79dc167bfe48718513fdae8b5ffbe9b0 2010.1/x86_64/net-snmp-mibs-5.5-7.1mdv2010.2.x86_64.rpm
3d9aaff4836efc8f8efb0d3fc7a30f76 2010.1/x86_64/net-snmp-tkmib-5.5-7.1mdv2010.2.x86_64.rpm
fda5dfbe8012404d6ddd0c3943129665 2010.1/x86_64/net-snmp-trapd-5.5-7.1mdv2010.2.x86_64.rpm
af024b56711368674499906e957ca59a 2010.1/x86_64/net-snmp-utils-5.5-7.1mdv2010.2.x86_64.rpm
8071b12044e02a4400a9b7fa5c66f4cc 2010.1/x86_64/perl-NetSNMP-5.5-7.1mdv2010.2.x86_64.rpm
901eeb7abf12be68bc3a24f76cbad087 2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm
Mandriva Linux 2011:
bd71a939144d1d20b08283401515eab9 2011/i586/libnet-snmp25-5.6.1-9.1-mdv2011.0.i586.rpm
d56ccb25cbc50ada230b2a568e312560 2011/i586/libnet-snmp-devel-5.6.1-9.1-mdv2011.0.i586.rpm
d7e9e13bb4feaf78db0354ea35348c0f 2011/i586/libnet-snmp-static-devel-5.6.1-9.1-mdv2011.0.i586.rpm
13c81c8bb164c99fc6806ba6328d77a7 2011/i586/net-snmp-5.6.1-9.1-mdv2011.0.i586.rpm
159143bd5eae11219fd33bed27d3db15 2011/i586/net-snmp-mibs-5.6.1-9.1-mdv2011.0.i586.rpm
350761224456d9d06ad4a9661bc4ee77 2011/i586/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.i586.rpm
bb34c4dd7512274ba6fbfedada9b4d01 2011/i586/net-snmp-trapd-5.6.1-9.1-mdv2011.0.i586.rpm
3175051bbd95c1f93c17dac6854de586 2011/i586/net-snmp-utils-5.6.1-9.1-mdv2011.0.i586.rpm
d6b207acf8e1d199d94cbc2ba9088f56 2011/i586/perl-NetSNMP-5.6.1-9.1-mdv2011.0.i586.rpm
a6ae19f2f7f865f76880c05d3be5feca 2011/i586/python-netsnmp-5.6.1-9.1-mdv2011.0.i586.rpm
0aab253539a0484d932baf04f703d4d2 2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm
Mandriva Linux 2011/X86_64:
50841d5a79cbb80c8f3b135d98e62c94 2011/x86_64/lib64net-snmp25-5.6.1-9.1-mdv2011.0.x86_64.rpm
2f98663d082b1c806049e1d638665bd7 2011/x86_64/lib64net-snmp-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
58426391ae5bee8f1063ca96709138de 2011/x86_64/lib64net-snmp-static-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
61a36cdaa85b25b990622af254cb5c1c 2011/x86_64/net-snmp-5.6.1-9.1-mdv2011.0.x86_64.rpm
53d742abefd3d45fcdd6686a4e63c394 2011/x86_64/net-snmp-mibs-5.6.1-9.1-mdv2011.0.x86_64.rpm
57c665999674a46001de569f5cbaf4b0 2011/x86_64/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.x86_64.rpm
aedb28e2cca33ab91a5987f08499ce76 2011/x86_64/net-snmp-trapd-5.6.1-9.1-mdv2011.0.x86_64.rpm
440057cfe374699634e7123f8dfe91c7 2011/x86_64/net-snmp-utils-5.6.1-9.1-mdv2011.0.x86_64.rpm
d8cb8fa927a32c6d5ce3664f15c95ccf 2011/x86_64/perl-NetSNMP-5.6.1-9.1-mdv2011.0.x86_64.rpm
3f83c7c8e1073a229bdb2cf3f33d3708 2011/x86_64/python-netsnmp-5.6.1-9.1-mdv2011.0.x86_64.rpm
0aab253539a0484d932baf04f703d4d2 2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm
Mandriva Enterprise Server 5:
a57d57bfebb80c9a5d73811d5696ee47 mes5/i586/libnet-snmp15-5.4.2-2.4mdvmes5.2.i586.rpm
db359acdd4bf501f8469a60bdca31439 mes5/i586/libnet-snmp-devel-5.4.2-2.4mdvmes5.2.i586.rpm
9a68e11e201646d2ea2c06be3db6d03f mes5/i586/libnet-snmp-static-devel-5.4.2-2.4mdvmes5.2.i586.rpm
864a7d720acedd85a0b35679e59849a3 mes5/i586/net-snmp-5.4.2-2.4mdvmes5.2.i586.rpm
6acc806f39f3b6e04d6c16b0ec85acdf mes5/i586/net-snmp-mibs-5.4.2-2.4mdvmes5.2.i586.rpm
22c72430d5926751c532535d70c74bdc mes5/i586/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.i586.rpm
e1133d9065147744a007f15beea6b963 mes5/i586/net-snmp-trapd-5.4.2-2.4mdvmes5.2.i586.rpm
2040762a0fa5947010d01e459453803c mes5/i586/net-snmp-utils-5.4.2-2.4mdvmes5.2.i586.rpm
99aca626593aa9829e2f66143b9e8a5d mes5/i586/perl-NetSNMP-5.4.2-2.4mdvmes5.2.i586.rpm
0ee5d96c849a98d9600faf2bd20c1bdc mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
6cec4f28c38f6e446976359de2d52c2f mes5/x86_64/lib64net-snmp15-5.4.2-2.4mdvmes5.2.x86_64.rpm
280b5df81cced400a9d50cf36e29697a mes5/x86_64/lib64net-snmp-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
456656085d1303473d6b843161a5dfd9 mes5/x86_64/lib64net-snmp-static-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
388d6c3f5262a2782c1df1eee2b56ae5 mes5/x86_64/net-snmp-5.4.2-2.4mdvmes5.2.x86_64.rpm
5581bb503428d43f56047b804e21bebd mes5/x86_64/net-snmp-mibs-5.4.2-2.4mdvmes5.2.x86_64.rpm
1643390bf239fa3c54d5959b342ca953 mes5/x86_64/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.x86_64.rpm
ad3e97af2064f3f1cd9467b69578610a mes5/x86_64/net-snmp-trapd-5.4.2-2.4mdvmes5.2.x86_64.rpm
812851c970888bc5cc5c0e7b401e0486 mes5/x86_64/net-snmp-utils-5.4.2-2.4mdvmes5.2.x86_64.rpm
cfc93c491b3fe7b4c22ed0bcb565f98b mes5/x86_64/perl-NetSNMP-5.4.2-2.4mdvmes5.2.x86_64.rpm
0ee5d96c849a98d9600faf2bd20c1bdc mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP4waNmqjQ0CJFipgRArgNAJ0dg/2Yglk3Ur7coMgqaciT65zCXwCgnCBC
DrN/hendr1zsDadTg/F5ntc=
=nCSt
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists