Linux Security
Linux Security
Linux Security

Debian: New net-snmp packages fix several vulnerabilities

Date 08 Nov 2008
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1663-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                          Thijs Kinkhorst
November 09, 2008           
- ------------------------------------------------------------------------

Package        : net-snmp
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-0960 CVE-2008-2292 CVE-2008-4309
Debian Bugs    : 485945 482333 504150

Several vulnerabilities have been discovered in NET SNMP, a suite of
Simple Network Management Protocol applications. The Common
Vulnerabilities and Exposures project identifies the following problems:
    Wes Hardaker reported that the SNMPv3 HMAC verification relies on
    the client to specify the HMAC length, which allows spoofing of
    authenticated SNMPv3 packets.
    John Kortink reported a buffer overflow in the __snprint_value
    function in snmp_get causing a denial of service and potentially
    allowing the execution of arbitrary code via a large OCTETSTRING 
    in an attribute value pair (AVP).

    It was reported that an integer overflow in the
    netsnmp_create_subtree_cache function in agent/snmp_agent.c allows   
    remote attackers to cause a denial of service attack via a crafted  
    SNMP GETBULK request.

For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.

We recommend that you upgrade your net-snmp package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:    94030 2ccd6191c3212980956c30de392825ec
    Size/MD5 checksum:     1046 8018cc23033178515298d5583a74f9ff
    Size/MD5 checksum:  4006389 ba4bc583413f90618228d0f196da8181

Architecture independent packages:
    Size/MD5 checksum:  1214368 d579d8f28f3d704b6c09b2b480425086
    Size/MD5 checksum:   855594 b5ccd827adbcefcca3557fa9ae28cc08

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  2169470 265835564ef2b0e2e86a08000461c53b
    Size/MD5 checksum:   944098 5b903886ee4740842715797e3231602c
    Size/MD5 checksum:  1901802 5486eb1f2a5b076e5342b1dd9cbb12e2
    Size/MD5 checksum:   933202 e3210ba1641079e0c3aaf4a50e89aedd
    Size/MD5 checksum:   835584 b14db8c5e5b5e2d34799952975f903fb

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   932008 fc79672bf64eaabd41ed1c2f4a42c7da
    Size/MD5 checksum:  1890766 ae3832515a97a79b31e0e7f0316356ee
    Size/MD5 checksum:   835088 62867e9ba9dfca3c7e8ae575d5a478f5
    Size/MD5 checksum:   918844 d2d1bc5f555bc9dba153e2a9a964ffbf
    Size/MD5 checksum:  1557924 5c2a33a015dd44708a9cc7602ca2525c

arm architecture (ARM)
    Size/MD5 checksum:   909974 4c1cef835efc0b7ff3fea54a618eabee
    Size/MD5 checksum:   835284 3ac835d926481c9e0f589b578455ddee
    Size/MD5 checksum:   928252 b98e98b58c61be02e477185293427d5c
    Size/MD5 checksum:  1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b
    Size/MD5 checksum:  1344158 78b6cf6b2974983e8e3670468da73cd1

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   835940 9eeaf116e386dd7733ab2106c662dfa9
    Size/MD5 checksum:  1809132 78bb5f1c12b004d32fa265e6bd99ffa1
    Size/MD5 checksum:  1926116 71c7f3095ffe1bb22e84ade21f32b3a4
    Size/MD5 checksum:   935434 85deac8531b02a0fdf3c9baa21d8e4bd
    Size/MD5 checksum:   935640 958cb158264f75772864cd5d5c0bf251

i386 architecture (Intel ia32)
    Size/MD5 checksum:  1423294 f05c7491a8100684c5085588738f05b5
    Size/MD5 checksum:   833970 cb705c9fe9418cc9348ac935ea7b0ba2
    Size/MD5 checksum:   920070 3df41a0c99c41d1bccf6801011cf8ed5
    Size/MD5 checksum:   925914 159b4244ef701edbe0fb8c9685b5b477
    Size/MD5 checksum:  1838900 3b7ac7b8fe0da1a3909ee56aba46d464

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  2205680 6868a56b1db04627e6921bf7237939a2
    Size/MD5 checksum:   970440 783f0cccabfbcc63590730b3803d164d
    Size/MD5 checksum:  2281114 fd04b505755a3aed0fe4c9baaac84500
    Size/MD5 checksum:   842690 9f9ca89c3d3ba7c46481e9cd39c242a6
    Size/MD5 checksum:   962854 c8a32f808d719357a5b6350e2b60794e

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   895414 5dd919d188291cb3727d39b5e06c9e26
    Size/MD5 checksum:   927342 28c245db4d8ea82ba4075b27d674d72a
    Size/MD5 checksum:   833182 0e0b21e13d77de82bed7a38d30f65e4b
    Size/MD5 checksum:  1769524 24bdc73a3d20c4046c7741957442c713
    Size/MD5 checksum:  1717562 977ae5c34a127d32d8f2bf222de9a431

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1755032 cab5c112911465a9ce23a0d2ea44ded9
    Size/MD5 checksum:   926616 2bf14a3fe74d9f2a523aacc8b04f5282
    Size/MD5 checksum:   895194 b7c9ed37bf83ad92371f5472ac5d917b
    Size/MD5 checksum:   833098 08b63ba6c3becf25ba2f941a532a7b71
    Size/MD5 checksum:  1720642 1ff7568eb478edee923edb76cf42e9ac

powerpc architecture (PowerPC)
    Size/MD5 checksum:   941434 bbac9384bd7f88339e2b86fa665208c1
    Size/MD5 checksum:   835212 4790d79f8de7f1bee7aabf0473f25268
    Size/MD5 checksum:  1657890 b91fcf52e80c7196cea0c13df9ac79ef
    Size/MD5 checksum:  1803262 4d298c9509941390c7b2eb68320ad211
    Size/MD5 checksum:   928170 b17966a6a61313344ac827b58f32eeef

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1409718 2a128cbdce2522ef49604255cff41af2
    Size/MD5 checksum:   931452 d3bb7c3a849cd2b35fa6e4acb19c318d
    Size/MD5 checksum:  1834914 67e5b946df18b06b41b3e108d5ddc4e3
    Size/MD5 checksum:   836102 7a4b85e8ea0e50d7213997b5f7d6309f
    Size/MD5 checksum:   903864 3f80e78e4e2672aacf3da0690ff24b79

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   925336 5824ea607689f3f1bd62a9e6e28f95ae
    Size/MD5 checksum:  1548630 1378d1cf730d3026bc1f01a4ab2ccedb
    Size/MD5 checksum:   918592 28a086f6aa2ee8d510b38c1a177843fc
    Size/MD5 checksum:   834186 068cbf2b4774ecf9504b820db26e6f1d
    Size/MD5 checksum:  1782014 d39fae5fe0d1397a2a1bd7397d6e850a

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.