DSA 1483-1: New net-snmp packages fix denial of service vulnerability
Posted on: 02/06/2008 08:40 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1483-1                  security@debian.org
http://www.debian.org/security/                           Noah Meyerhans
February 06, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : net-snmp
Vulnerability : design error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5846

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote
attackers to cause a denial of service (CPU and memory consumption)
via a GETBULK request with a large max-repeaters value.

For the stable distribution (etch), this problem has been fixed in
version 5.2.3-7etch2

For the unstable and testing distributions (sid and lenny,
respectively), this problem has been fixed in version 5.4.1~dfsg-2

We recommend that you upgrade your net-snmp package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHqgXfYrVLjBFATsMRAh1QAJ949bquNFrGOLCWnfB6eWPuDR695gCdFC02
/C3q6l7UFMwZ2dc1FtxJztg=
=5GhV
-----END PGP SIGNATURE-----
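
The advisory attributes CVE-2007-5846 to GETBULK requests with a large max-repeaters value, which is the max-repetitions field of the GetBulkRequest-PDU in RFC 3416. The following is an added example, not part of the advisory and not Debian or net-snmp code: a monitoring-side check that decodes an SNMPv2c datagram and flags GETBULK requests above a threshold. The threshold `LIMIT`, the function names and the two sample datagrams are assumptions constructed for illustration; SNMPv3 messages are not decoded and return `None`.

```python
GETBULK_TAG = 0xA5   # context tag [5], GetBulkRequest-PDU (RFC 3416)
LIMIT = 100          # assumed site policy, not a value from the advisory

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    tag, val, pos = read_tlv(buf, pos)
    if tag != 0x02 or not val:
        raise ValueError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), pos

def inspect_getbulk(datagram, limit=LIMIT):
    """Return None unless datagram is a v2c GETBULK; else its fields and an alert flag."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    version, pos = read_int(msg, 0)
    _, _community, pos = read_tlv(msg, pos)
    tag, pdu, _ = read_tlv(msg, pos)
    if version != 1 or tag != GETBULK_TAG:  # version 1 on the wire is SNMPv2c
        return None
    _request_id, p = read_int(pdu, 0)
    non_rep, p = read_int(pdu, p)
    max_rep, p = read_int(pdu, p)
    _, varbind_list, _ = read_tlv(pdu, p)
    varbinds, q = 0, 0
    while q < len(varbind_list):            # count the requested variables
        _, _, q = read_tlv(varbind_list, q)
        varbinds += 1
    repeaters = max(varbinds - max(non_rep, 0), 0)
    return {"non_repeaters": non_rep, "max_repetitions": max_rep,
            "worst_case_rows": repeaters * max(max_rep, 0), "alert": max_rep > limit}

# Constructed samples: community "public", one varbind for OID 1.3.6.1.2.1.1.
HDR, TAIL = "02010104067075626c6963", "300c300a06062b06010201010500"
NORMAL = bytes.fromhex("3024" + HDR + "a517" + "02010102010002010a" + TAIL)
LARGE = bytes.fromhex("3025" + HDR + "a518" + "02010102010002021388" + TAIL)
```

`worst_case_rows` is the number of repeating varbinds times max-repetitions, an upper bound on the variable bindings a single request asks the agent to walk.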



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1483_1_new_net_snmp_packages_fix_denial_of_service_vulnerability.html)