[Security Announce] [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities
Posted on: 01/27/2006 05:32 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:025
http://www.mandriva.com/security/
_______________________________________________________________________

Package : net-snmp
Date : January 26, 2006
Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The fixproc application in Net-SNMP creates temporary files with
predictable file names which could allow a malicious local attacker to
change the contents of the temporary file by exploiting a race
condition, which could possibly lead to the execution of arbitrary
code. As well, a local attacker could create symbolic links in the
/tmp directory that point to a valid file that would then be
overwritten when fixproc is executed (CVE-2005-1740).

A remote Denial of Service vulnerability was also discovered in the
SNMP library that could be exploited by a malicious SNMP server to
crash the agent, if the agent uses TCP sockets for communication
(CVE-2005-2177).

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
5e45d435f1d54d5e3090782b6abba68d 10.1/RPMS/libnet-snmp5-5.1.2-6.1.101mdk.i586.rpm
0bfb669d7aa43f082748130de49566d9 10.1/RPMS/libnet-snmp5-devel-5.1.2-6.1.101mdk.i586.rpm
6c893808aef9ee5bc260097f85f59a8c 10.1/RPMS/libnet-snmp5-static-devel-5.1.2-6.1.101mdk.i586.rpm
9990e6a604e33077001acd83ef992839 10.1/RPMS/net-snmp-5.1.2-6.1.101mdk.i586.rpm
6cde654363177bcbce43e0629c4410df 10.1/RPMS/net-snmp-mibs-5.1.2-6.1.101mdk.i586.rpm
00a8209096eead381f4b92d6c5610d35 10.1/RPMS/net-snmp-trapd-5.1.2-6.1.101mdk.i586.rpm
71f10f045162b00f15574d86a1ac4042 10.1/RPMS/net-snmp-utils-5.1.2-6.1.101mdk.i586.rpm
bafa69a28faf8e3f926e4791eca78afe 10.1/RPMS/perl-NetSNMP-5.1.2-6.1.101mdk.i586.rpm
9336accac13fed9119b8d53e1ce18842 10.1/SRPMS/net-snmp-5.1.2-6.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
fb7f15b0ce19d694d187c8d245b7eb39 x86_64/10.1/RPMS/lib64net-snmp5-5.1.2-6.1.101mdk.x86_64.rpm
2eb7bfbb87d50036f59d40c8f74013af x86_64/10.1/RPMS/lib64net-snmp5-devel-5.1.2-6.1.101mdk.x86_64.rpm
91f01ccb844bfe0fc288d0d2ae0a6b92 x86_64/10.1/RPMS/lib64net-snmp5-static-devel-5.1.2-6.1.101mdk.x86_64.rpm
19727111e192d653497dfd95788d605b x86_64/10.1/RPMS/net-snmp-5.1.2-6.1.101mdk.x86_64.rpm
c8accd70d2ee97c8e96d7621614bab4a x86_64/10.1/RPMS/net-snmp-mibs-5.1.2-6.1.101mdk.x86_64.rpm
67fe7b2332127afe6ca19111c5ac0527 x86_64/10.1/RPMS/net-snmp-trapd-5.1.2-6.1.101mdk.x86_64.rpm
3d36801e15db09a37115c5299f0f8ed2 x86_64/10.1/RPMS/net-snmp-utils-5.1.2-6.1.101mdk.x86_64.rpm
9abc3a1c0109487a99491c0586410b5b x86_64/10.1/RPMS/perl-NetSNMP-5.1.2-6.1.101mdk.x86_64.rpm
9336accac13fed9119b8d53e1ce18842 x86_64/10.1/SRPMS/net-snmp-5.1.2-6.1.101mdk.src.rpm

Mandriva Linux 10.2:
d094f32e704563d30bacb2c4555313bd 10.2/RPMS/libnet-snmp5-5.2.1-3.1.102mdk.i586.rpm
d1f446814f498f188add32de07b119bd 10.2/RPMS/libnet-snmp5-devel-5.2.1-3.1.102mdk.i586.rpm
9b75d6a1d06f29377e4ddb01e9dd77ca 10.2/RPMS/libnet-snmp5-static-devel-5.2.1-3.1.102mdk.i586.rpm
709bbe1ab3ade1d812451a0e95dbc74c 10.2/RPMS/net-snmp-5.2.1-3.1.102mdk.i586.rpm
70ab9c54aad572ef98bc05722b792dfa 10.2/RPMS/net-snmp-mibs-5.2.1-3.1.102mdk.i586.rpm
f63e29921d9a996859803e1bacfa12b1 10.2/RPMS/net-snmp-trapd-5.2.1-3.1.102mdk.i586.rpm
9e7acc9c5e689d52ca713e70ae210fdf 10.2/RPMS/net-snmp-utils-5.2.1-3.1.102mdk.i586.rpm
4ce882e9f770d3b0703758f07de93d33 10.2/RPMS/perl-NetSNMP-5.2.1-3.1.102mdk.i586.rpm
274a211bc0310147425dde0177933b3a 10.2/SRPMS/net-snmp-5.2.1-3.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
029c14c17368523ea88d25d62c357e05 x86_64/10.2/RPMS/lib64net-snmp5-5.2.1-3.1.102mdk.x86_64.rpm
5eac46a96bdaf1bd184095931c3fd7dc x86_64/10.2/RPMS/lib64net-snmp5-devel-5.2.1-3.1.102mdk.x86_64.rpm
0081e952f8cdb2cda6f9c5c3bbfcd824 x86_64/10.2/RPMS/lib64net-snmp5-static-devel-5.2.1-3.1.102mdk.x86_64.rpm
5750dfbeb765a8a9cc5edea0367136ef x86_64/10.2/RPMS/net-snmp-5.2.1-3.1.102mdk.x86_64.rpm
0bb727dd060f69e722e2d9119b09c920 x86_64/10.2/RPMS/net-snmp-mibs-5.2.1-3.1.102mdk.x86_64.rpm
bed3ea77aedda99248cf505004cd7ce2 x86_64/10.2/RPMS/net-snmp-trapd-5.2.1-3.1.102mdk.x86_64.rpm
5b15725662b555b200599babd751202e x86_64/10.2/RPMS/net-snmp-utils-5.2.1-3.1.102mdk.x86_64.rpm
c302bf9154a851284ec75845f2d16fbb x86_64/10.2/RPMS/perl-NetSNMP-5.2.1-3.1.102mdk.x86_64.rpm
274a211bc0310147425dde0177933b3a x86_64/10.2/SRPMS/net-snmp-5.2.1-3.1.102mdk.src.rpm

Corporate 3.0:
af2cfb8c941c61e09e90f972e196fc7c corporate/3.0/RPMS/libnet-snmp5-5.1-7.2.C30mdk.i586.rpm
398eb8a624998f3269fd921097e040b8 corporate/3.0/RPMS/libnet-snmp5-devel-5.1-7.2.C30mdk.i586.rpm
0654942277f25a812438356840d69063 corporate/3.0/RPMS/libnet-snmp5-static-devel-5.1-7.2.C30mdk.i586.rpm
b50cee131b9255792bbfe4c785b7869b corporate/3.0/RPMS/net-snmp-5.1-7.2.C30mdk.i586.rpm
dee0feb110fda0312fdcc05db315007a corporate/3.0/RPMS/net-snmp-mibs-5.1-7.2.C30mdk.i586.rpm
e22ca26b96609e60b15459290dd5f37d corporate/3.0/RPMS/net-snmp-trapd-5.1-7.2.C30mdk.i586.rpm
1a35259e34c7f14c4618a712718db361 corporate/3.0/RPMS/net-snmp-utils-5.1-7.2.C30mdk.i586.rpm
8f3c4ead1bd79a6826dae2dfc279b972 corporate/3.0/SRPMS/net-snmp-5.1-7.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
ff618e405dea0563a6e35680993ceb9b x86_64/corporate/3.0/RPMS/lib64net-snmp5-5.1-7.2.C30mdk.x86_64.rpm
aea5952fc98d667280f2cc9595482fde x86_64/corporate/3.0/RPMS/lib64net-snmp5-devel-5.1-7.2.C30mdk.x86_64.rpm
877dd4ca90a79a07f22c3c91e523877c x86_64/corporate/3.0/RPMS/lib64net-snmp5-static-devel-5.1-7.2.C30mdk.x86_64.rpm
f2f83c224b85bbc57d493085baed30d2 x86_64/corporate/3.0/RPMS/net-snmp-5.1-7.2.C30mdk.x86_64.rpm
e6016001da2e93385d9bb33714dc3b5b x86_64/corporate/3.0/RPMS/net-snmp-mibs-5.1-7.2.C30mdk.x86_64.rpm
43a28bf6e34b44616a185d355ba33108 x86_64/corporate/3.0/RPMS/net-snmp-trapd-5.1-7.2.C30mdk.x86_64.rpm
53a861ab75ef7806ba59977f644ecc62 x86_64/corporate/3.0/RPMS/net-snmp-utils-5.1-7.2.C30mdk.x86_64.rpm
8f3c4ead1bd79a6826dae2dfc279b972 x86_64/corporate/3.0/SRPMS/net-snmp-5.1-7.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
283d5163bf181f98318a18575d823d41 mnf/2.0/RPMS/libnet-snmp5-5.1-7.1.M20mdk.i586.rpm
71783daec5bd3a6045d7337330f09ba2 mnf/2.0/SRPMS/net-snmp-5.1-7.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD2Wg6mqjQ0CJFipgRAkqFAJ9pS+KWFCf2nCCOOGBD9NwOblfy0gCeLp4e
LX+wEvcbjV7TrErPjNxo0wM=
=/TNu
-----END PGP SIGNATURE-----
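
The temporary-file weakness described for fixproc (CVE-2005-1740), shown as an added example that is not part of the Mandriva advisory or of the Net-SNMP code: a writer that uses a predictable name follows a symbolic link already present at that name, while exclusive creation or mkstemp does not. The name fix_<pid>, the PID and victim.conf are constructed for illustration, and a private scratch directory stands in for /tmp.

```python
import os
import tempfile

def write_predictable(workdir, pid, data):
    """Weak pattern: PID-derived name opened with open(), which follows symlinks."""
    path = os.path.join(workdir, f"fix_{pid}")  # hypothetical name, not fixproc's own
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_exclusive(workdir, pid, data):
    """Same name, but creation fails if a file or symlink is already there."""
    path = os.path.join(workdir, f"fix_{pid}")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_mkstemp(workdir, data):
    """Preferred: mkstemp picks an unpredictable name, uses O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="fix_", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Run the three writers against a pre-planted link in a scratch directory."""
    result = {}
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim.conf")  # constructed stand-in file
        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, os.path.join(work, "fix_4242"))  # constructed PID 4242
        write_predictable(work, 4242, "script body\n")
        with open(victim) as fh:
            result["victim_after_weak"] = fh.read()   # overwritten via the link
        with open(victim, "w") as fh:
            fh.write("original\n")                    # restore for the next case
        try:
            write_exclusive(work, 4242, "script body\n")
            result["exclusive_refused"] = False
        except OSError:                               # EEXIST: the link is in the way
            result["exclusive_refused"] = True
        with open(victim) as fh:
            result["victim_after_exclusive"] = fh.read()
        safe = write_mkstemp(work, "script body\n")
        result["mkstemp_mode"] = oct(os.stat(safe).st_mode & 0o777)
    return result
```

Calling demo() returns a dictionary with the state of the stand-in file after each writer.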



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006025__updated_net_snmp_packages_fix_vulnerabilities.html)