Package : ucd-snmp
Problem type : remote exploit
Debian-specific: no
CERT Advisory : CA-2002-03
The Secure Programming Group of Oulu University studied SNMP
implementations and uncovered multiple flaws whose impact ranges
from Denial of Service attacks to remote exploits.
New UCD-SNMP packages have been prepared to fix these problems
as well as a few others. The complete list of fixed problems is:
* When running external programs snmpd used temporary files insecurely
* snmpd did not properly reset supplementary groups after changing
  its uid and gid
* Modified most code to use buffers instead of fixed-length strings to
  prevent buffer overflows
* The ASN.1 parser did not check for negative lengths
* The IFINDEX response handling in snmpnetstat did not do a sanity check
  on its input
(thanks to Caldera for most of the work on those patches)
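The negative-length item in the list above, illustrated with an added example (not code from ucd-snmp or from this advisory): a BER length decoder that accumulates the length as an unsigned value and rejects anything that would be negative as a signed int or that exceeds the remaining buffer. The function name ber_read_length, the 4-octet cap on the length field and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not a ucd-snmp function): decode a BER length field.
 * buf points just past the tag octet; avail is the number of bytes left there.
 * Returns the count of length octets consumed and stores the content length
 * in *out_len, or returns -1 if the field is malformed. */
int ber_read_length(const uint8_t *buf, size_t avail, size_t *out_len)
{
    if (buf == NULL || out_len == NULL || avail == 0)
        return -1;

    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {             /* short form: 0..127 */
        if ((size_t)first > avail - 1)     /* content must fit in the buffer */
            return -1;
        *out_len = first;
        return 1;
    }

    size_t n = first & 0x7f;               /* long form: n length octets follow */
    if (n == 0 || n > 4 || n > avail - 1)  /* indefinite, too wide, or truncated */
        return -1;

    /* Accumulate unsigned. In a signed 32-bit accumulator the octets
     * FF FF FF FF become -1, which slips past a "len > remaining" test. */
    uint32_t len = 0;
    for (size_t i = 1; i <= n; i++)
        len = (len << 8) | buf[i];

    if (len > 0x7fffffffu)                 /* would be negative as a signed int */
        return -1;
    if ((size_t)len > avail - 1 - n)       /* content must fit in what remains */
        return -1;

    *out_len = (size_t)len;
    return (int)(1 + n);
}

int main(void)
{
    /* Constructed sample: length field 84 FF FF FF FF, then one content byte. */
    const uint8_t hostile[] = {0x84, 0xff, 0xff, 0xff, 0xff, 0x00};
    size_t len = 0;
    return ber_read_length(hostile, sizeof hostile, &len) == -1 ? 0 : 1;
}
```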
The new version is 4.1.1-2.1 and we recommend you upgrade your
snmp packages immediately.
wget url
will fetch the file ...