Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian: New net-snmp packages fix several vulnerabilities

    Date08 Nov 2008
    CategoryDebian
    3066
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. 
    - ------------------------------------------------------------------------
Debian Security Advisory DSA-1663-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.debian.org/security/                          Thijs Kinkhorst
November 09, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : net-snmp
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-0960 CVE-2008-2292 CVE-2008-4309
Debian Bugs    : 485945 482333 504150

Several vulnerabilities have been discovered in NET SNMP, a suite of
Simple Network Management Protocol applications. The Common
Vulnerabilities and Exposures project identifies the following problems:
 
CVE-2008-0960
 
    Wes Hardaker reported that the SNMPv3 HMAC verification relies on
    the client to specify the HMAC length, which allows spoofing of
    authenticated SNMPv3 packets.
 
CVE-2008-2292
 
    John Kortink reported a buffer overflow in the __snprint_value
    function in snmp_get causing a denial of service and potentially
    allowing the execution of arbitrary code via a large OCTETSTRING 
    in an attribute value pair (AVP).
 
CVE-2008-4309

    It was reported that an integer overflow in the
    netsnmp_create_subtree_cache function in agent/snmp_agent.c allows   
    remote attackers to cause a denial of service attack via a crafted  
    SNMP GETBULK request.

For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
 
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.

We recommend that you upgrade your net-snmp package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz
    Size/MD5 checksum:    94030 2ccd6191c3212980956c30de392825ec
  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc
    Size/MD5 checksum:     1046 8018cc23033178515298d5583a74f9ff
  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
    Size/MD5 checksum:  4006389 ba4bc583413f90618228d0f196da8181

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb
    Size/MD5 checksum:  1214368 d579d8f28f3d704b6c09b2b480425086
  http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb
    Size/MD5 checksum:   855594 b5ccd827adbcefcca3557fa9ae28cc08

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb
    Size/MD5 checksum:  2169470 265835564ef2b0e2e86a08000461c53b
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb
    Size/MD5 checksum:   944098 5b903886ee4740842715797e3231602c
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb
    Size/MD5 checksum:  1901802 5486eb1f2a5b076e5342b1dd9cbb12e2
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb
    Size/MD5 checksum:   933202 e3210ba1641079e0c3aaf4a50e89aedd
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb
    Size/MD5 checksum:   835584 b14db8c5e5b5e2d34799952975f903fb

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb
    Size/MD5 checksum:   932008 fc79672bf64eaabd41ed1c2f4a42c7da
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb
    Size/MD5 checksum:  1890766 ae3832515a97a79b31e0e7f0316356ee
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb
    Size/MD5 checksum:   835088 62867e9ba9dfca3c7e8ae575d5a478f5
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb
    Size/MD5 checksum:   918844 d2d1bc5f555bc9dba153e2a9a964ffbf
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb
    Size/MD5 checksum:  1557924 5c2a33a015dd44708a9cc7602ca2525c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb
    Size/MD5 checksum:   909974 4c1cef835efc0b7ff3fea54a618eabee
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb
    Size/MD5 checksum:   835284 3ac835d926481c9e0f589b578455ddee
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb
    Size/MD5 checksum:   928252 b98e98b58c61be02e477185293427d5c
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb
    Size/MD5 checksum:  1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb
    Size/MD5 checksum:  1344158 78b6cf6b2974983e8e3670468da73cd1

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb
    Size/MD5 checksum:   835940 9eeaf116e386dd7733ab2106c662dfa9
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb
    Size/MD5 checksum:  1809132 78bb5f1c12b004d32fa265e6bd99ffa1
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb
    Size/MD5 checksum:  1926116 71c7f3095ffe1bb22e84ade21f32b3a4
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb
    Size/MD5 checksum:   935434 85deac8531b02a0fdf3c9baa21d8e4bd
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb
    Size/MD5 checksum:   935640 958cb158264f75772864cd5d5c0bf251

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb
    Size/MD5 checksum:  1423294 f05c7491a8100684c5085588738f05b5
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb
    Size/MD5 checksum:   833970 cb705c9fe9418cc9348ac935ea7b0ba2
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb
    Size/MD5 checksum:   920070 3df41a0c99c41d1bccf6801011cf8ed5
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb
    Size/MD5 checksum:   925914 159b4244ef701edbe0fb8c9685b5b477
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb
    Size/MD5 checksum:  1838900 3b7ac7b8fe0da1a3909ee56aba46d464

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb
    Size/MD5 checksum:  2205680 6868a56b1db04627e6921bf7237939a2
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb
    Size/MD5 checksum:   970440 783f0cccabfbcc63590730b3803d164d
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb
    Size/MD5 checksum:  2281114 fd04b505755a3aed0fe4c9baaac84500
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb
    Size/MD5 checksum:   842690 9f9ca89c3d3ba7c46481e9cd39c242a6
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb
    Size/MD5 checksum:   962854 c8a32f808d719357a5b6350e2b60794e

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb
    Size/MD5 checksum:   895414 5dd919d188291cb3727d39b5e06c9e26
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb
    Size/MD5 checksum:   927342 28c245db4d8ea82ba4075b27d674d72a
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb
    Size/MD5 checksum:   833182 0e0b21e13d77de82bed7a38d30f65e4b
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb
    Size/MD5 checksum:  1769524 24bdc73a3d20c4046c7741957442c713
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb
    Size/MD5 checksum:  1717562 977ae5c34a127d32d8f2bf222de9a431

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb
    Size/MD5 checksum:  1755032 cab5c112911465a9ce23a0d2ea44ded9
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb
    Size/MD5 checksum:   926616 2bf14a3fe74d9f2a523aacc8b04f5282
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb
    Size/MD5 checksum:   895194 b7c9ed37bf83ad92371f5472ac5d917b
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb
    Size/MD5 checksum:   833098 08b63ba6c3becf25ba2f941a532a7b71
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb
    Size/MD5 checksum:  1720642 1ff7568eb478edee923edb76cf42e9ac

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb
    Size/MD5 checksum:   941434 bbac9384bd7f88339e2b86fa665208c1
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb
    Size/MD5 checksum:   835212 4790d79f8de7f1bee7aabf0473f25268
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb
    Size/MD5 checksum:  1657890 b91fcf52e80c7196cea0c13df9ac79ef
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb
    Size/MD5 checksum:  1803262 4d298c9509941390c7b2eb68320ad211
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb
    Size/MD5 checksum:   928170 b17966a6a61313344ac827b58f32eeef

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb
    Size/MD5 checksum:  1409718 2a128cbdce2522ef49604255cff41af2
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb
    Size/MD5 checksum:   931452 d3bb7c3a849cd2b35fa6e4acb19c318d
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb
    Size/MD5 checksum:  1834914 67e5b946df18b06b41b3e108d5ddc4e3
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb
    Size/MD5 checksum:   836102 7a4b85e8ea0e50d7213997b5f7d6309f
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb
    Size/MD5 checksum:   903864 3f80e78e4e2672aacf3da0690ff24b79

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb
    Size/MD5 checksum:   925336 5824ea607689f3f1bd62a9e6e28f95ae
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb
    Size/MD5 checksum:  1548630 1378d1cf730d3026bc1f01a4ab2ccedb
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb
    Size/MD5 checksum:   918592 28a086f6aa2ee8d510b38c1a177843fc
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb
    Size/MD5 checksum:   834186 068cbf2b4774ecf9504b820db26e6f1d
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb
    Size/MD5 checksum:  1782014 d39fae5fe0d1397a2a1bd7397d6e850a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    Related News

    Open-source spyware makes it on the Google Play Store
    Open-source spyware makes it on the Google Play Store
    IT Security Pros: Encryption Backdoors Are Election Hacking Risk
    IT Security Pros: Encryption Backdoors Are Election Hacking Risk
    Google, Apple, and Mozilla won’t budge on Kazakhstan’s sneaky plot to spy on citizens
    Google, Apple, and Mozilla won’t budge on Kazakhstan’s sneaky plot to spy on citizens
    An introduction to bpftrace for Linux
    An introduction to bpftrace for Linux
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Debian LTS: DLA-1886-2: openjdk-7 regression update
    Date22 Aug 2019 @ 16:01
    Debian LTS: DLA-1893-1: cups security update
    Date22 Aug 2019 @ 14:45
    Debian: DSA-4505-1: nginx security update
    Date22 Aug 2019 @ 11:38
    RedHat: RHSA-2019-2553:01 Important: qemu-kvm-rhev security, bug fix,
    Date22 Aug 2019 @ 01:19

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More