USN-685-1: Net-SNMP vulnerabilities


 
Posted 12-03-2008

Referenced CVEs:
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309


Description:
===========================================================
Ubuntu Security Notice USN-685-1          December 03, 2008
net-snmp vulnerabilities
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsnmp-perl                    5.2.1.2-4ubuntu2.3
  libsnmp9                        5.2.1.2-4ubuntu2.3

Ubuntu 7.10:
  libsnmp-perl                    5.3.1-6ubuntu2.2
  libsnmp10                       5.3.1-6ubuntu2.2

Ubuntu 8.04 LTS:
  libsnmp-perl                    5.4.1~dfsg-4ubuntu4.2
  libsnmp15                       5.4.1~dfsg-4ubuntu4.2

Ubuntu 8.10:
  libsnmp15                       5.4.1~dfsg-7.1ubuntu6.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker could send
specially crafted SNMPv3 traffic with a valid username and gain access to
the user's views without a valid authentication passphrase. (CVE-2008-0960)

John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using the
Perl module could be made to crash, leading to a denial of service. This
did not affect Ubuntu 8.10. (CVE-2008-2292)

It was discovered that the SNMP service did not correctly handle large
GETBULK requests. If an unauthenticated remote attacker sent a specially
crafted request, the SNMP service could be made to crash, leading to a
denial of service. (CVE-2008-4309)




