RHSA-2005:395-01 Low: net-snmp security update
Posted on: 10/05/2005 07:52 AM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: net-snmp security update
Advisory ID: RHSA-2005:395-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-395.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1740 CAN-2005-2177
- ---------------------------------------------------------------------

1. Summary:

Updated net-snmp packages that fix two security issues and various bugs
are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

SNMP (Simple Network Management Protocol) is a protocol used for network
management.

A denial of service bug was found in the way net-snmp uses network stream
protocols. It is possible for a remote attacker to send a net-snmp agent a
specially crafted packet that will crash the agent. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-2177 to this issue.

An insecure temporary file usage bug was found in net-snmp's fixproc
command. It is possible for a local user to modify the content of temporary
files used by fixproc that can lead to arbitrary command execution. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1740 to this issue.

Additionally, the following bugs have been fixed:
- - The lmSensors are correctly recognized, snmp deamon no longer segfaults
- - The larger swap partition sizes are correctly reported
- - Querying hrSWInstalledLastUpdateTime no longer crashes the snmp deamon
- - Fixed error building ASN.1 representation
- - The 64-bit network counters correctly wrap
- - Large file systems are correctly handled
- - Snmptrapd initscript correctly reads options from its configuration
file /etc/snmp/snmptrapd.options
- - Snmp deamon no longer crashes when restarted using the agentX
protocol
- - snmp daemon now reports gigabit Ethernet speeds correctly
- - MAC adresses are shown when requested instead of IP adresses

All users of net-snmp should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150084 - snmpd dies when getting enterprises.ucdavis.memory.memTotalSwap.0
150199 - snmpd exits without a diagnostic: SIGSEGV
154455 - 64bit network counters peg instead of wrapping
154798 - /etc/init.d/snmptrapd wrong order in setting variables...
155038 - x86_64: net-snmp dies when querying hrSWInstalledLastUpdateTime
158769 - CAN-2005-1740 net-snmp insecure temporary file usage
163688 - CAN-2005-2177 net-snmp denial of service


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6 net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365 net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758 net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0 net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

ppc:
c9ca217a48da0a7aa035629ae1a315b6 net-snmp-5.1.2-11.EL4.6.ppc.rpm
717983be7c1f8ec261ffb7914b10bcb5 net-snmp-devel-5.1.2-11.EL4.6.ppc.rpm
1813f94dcaa10f1c5e9910c473220187 net-snmp-libs-5.1.2-11.EL4.6.ppc.rpm
6423451346096dc668635ea9ec6d0154 net-snmp-libs-5.1.2-11.EL4.6.ppc64.rpm
4d5d7f0732e0476a5052914d8ba03408 net-snmp-perl-5.1.2-11.EL4.6.ppc.rpm
de9792ce34d8fe0cf828e143e55a6e86 net-snmp-utils-5.1.2-11.EL4.6.ppc.rpm

s390:
b6d060cfaeb06f0898fef46280bc6dda net-snmp-5.1.2-11.EL4.6.s390.rpm
2874be600171af40fdedc29190122677 net-snmp-devel-5.1.2-11.EL4.6.s390.rpm
c2895f557db41fa371ecdec220780150 net-snmp-libs-5.1.2-11.EL4.6.s390.rpm
b680f8bdc4669c2292950fb6db4e47d3 net-snmp-perl-5.1.2-11.EL4.6.s390.rpm
2bb808e9ef394ce25855822ef91af2cf net-snmp-utils-5.1.2-11.EL4.6.s390.rpm

s390x:
9c212ed0a8aefd7db9cd57bf31d22e25 net-snmp-5.1.2-11.EL4.6.s390x.rpm
157b79487d0044c226ddf567294aa261 net-snmp-devel-5.1.2-11.EL4.6.s390x.rpm
c2895f557db41fa371ecdec220780150 net-snmp-libs-5.1.2-11.EL4.6.s390.rpm
cb9cf209f3281f9aede6305d2acc29a7 net-snmp-libs-5.1.2-11.EL4.6.s390x.rpm
af281e7c2985218b76eebe495a8c62bf net-snmp-perl-5.1.2-11.EL4.6.s390x.rpm
ff879a134c8c06cc52633ca05af552b0 net-snmp-utils-5.1.2-11.EL4.6.s390x.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8 net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2 net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519 net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297 net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6 net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6 net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8 net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2 net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519 net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297 net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6 net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6 net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365 net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758 net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0 net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8 net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2 net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519 net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297 net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6 net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6 net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365 net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758 net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0 net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8 net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2 net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519 net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297 net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6 net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDQ9i5XlSAg2UNWIIRAm41AJ9C2uVgeKnvsVXkJ3TXIpxCl9f/VACePpgT
tmo/5VQnjK+p/xLKVIpL/2I=
=h8+9
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005395_01_low_net_snmp_security_update.html)