USN-685-1: Net-SNMP vulnerabilities Post: 302264363

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-685-1: Net-SNMP vulnerabilities Post 302264363 by Linux Bot on Wednesday 3rd of December 2008 05:50:02 PM

12-03-2008

Registered User

USN-685-1: Net-SNMP vulnerabilities

Referenced CVEs:
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309

Description:
=========================================================== Ubuntu Security Notice USN-685-1 December 03, 2008 net-snmp vulnerabilities CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsnmp-perl 5.2.1.2-4ubuntu2.3 libsnmp9 5.2.1.2-4ubuntu2.3 Ubuntu 7.10: libsnmp-perl 5.3.1-6ubuntu2.2 libsnmp10 5.3.1-6ubuntu2.2 Ubuntu 8.04 LTS: libsnmp-perl 5.4.1~dfsg-4ubuntu4.2 libsnmp15 5.4.1~dfsg-4ubuntu4.2 Ubuntu 8.10: libsnmp15 5.4.1~dfsg-7.1ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. (CVE-2008-0960) John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292) It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. (CVE-2008-4309)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

4 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

net-snmp

Does anybody know where I can get net-snmp for compaq tru64 V4.0G? I am having a difficult time locating it. Can it run on tru64 V4.0G?

2. Infrastructure Monitoring

net-snmp issue

When I run a script that polls a router I get the following error from net-snmp. I can not seem to find a straight answer. Could my mib files be corrupt? xxx-xxx:/etc/sma/snmp/mibs# perl /export/home/user/perl/test.pl Unlinked OID in SNMPv2-MIB: snmp ::= { mib-2 11 } Undefined identifier:...

3. AIX

Net snmp bug

Hi Admins, I have installed net-snmp 5.5 binary in AIX 5.5 box and configured using snmpconf command.When i run ./snmpd -f -Lo -c /etc/snmpd.conf m getting below error. nlist err: neither proc nor _proc found After surfing i came to know the same is a bug.Please anyone tell me how to...

4. HP-UX

Net-snmp 5.7.2 on HP-UX 11.31

Hi All, I have an issue with net-snmp communication from a monitoring server to HP UX server. Following are the details HP - UX server : 172.16.184.34 Monitoring Server : 172.16.5.57 (Solarwinds Application)I'm running HP-UX's snmp on udp port 161 and net-snmp on udp 1161. ...

LEARN ABOUT SUSE

net-snmp-config

net-snmp-config(1)						     Net-SNMP							net-snmp-config(1)

NAME

       net-snmp-config - returns information about installed net-snmp libraries and binaries

SYNOPSIS

       net-snmp-config [OPTIONS]

DESCRIPTION

       The  net-snmp-config  shell  script is designed to retrieve the configuration information about the libraries and binaries dealing with the
       Simple Network Management Protocol (SNMP), built from the net-snmp source package. The information is particularily useful for applications
       that need to link against the SNMP libraries and hence must know about any other libraries that must be linked in as well.

OPTIONS

       --version
	      displays the net-snmp version number

       --indent-options
	      displays the indent options from the Coding Style

       --debug-tokens
	      displays a example command line to search to source code for a list of available debug tokens

       SNMP Setup commands:

       --create-snmpv3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
	      [-A MD5|SHA] [username]

       These options produce the various compilation flags needed when building external SNMP applications:

       --base-cflags
	      lists additional compilation flags needed for external applications (excludes -I. and extra developer warning flags, if any)

       --cflags
	      lists additional compilation flags needed

       --libs lists libraries needed for building applications

       --agent-libs
	      lists libraries needed for building subagents

       --netsnmp-libs
	      lists netsnmp specific libraries

       --external-libs
	      lists libraries needed by netsnmp libs

       --netsnmp-agent-libs
	      lists netsnmp specific agent libraries

       --external-agent-libs lists libraries needed by netsnmp libs

       Automated subagent building (produces an OUTPUTNAME binary file): [This feature has not been extensively tested,  use at your own risk.]

       --compile-subagent OUTPUTNAME [--norm] [--cflags flags]
	      [--ldflags flags] mibmodule1.c [...]]

       --norm leave the generated .c file around to read.

       --cflags flags
	      extra cflags to use (e.g. -I...).

       --ldflags flags
	      extra ld flags to use (e.g. -L... -l...).

	      Details on how the net-nsmp package was compiled:

       --configure-options
	      Display original configure arguments

       --snmpd-module-list
	      Display the modules compiled into the agent

       --prefix
	      Display the installation prefix

4.2 Berkeley Distribution					    16 Nov 2006 						net-snmp-config(1)