[Security Announce] [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability
Posted on: 11/19/2007 07:30 PM

The Mandriva Security Team has published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : net-snmp
Date : November 19, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to
cause a denial of service (CPU and memory consumption) via a GETBULK
request with a large max-repeaters value.

Updated packages fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
83e0d0edc66af5d11b032cf2a7c12054 2007.0/i586/libnet-snmp10-5.3.1-2.1mdv2007.0.i586.rpm
211db38ffbbefb22f653a18da8e928f5 2007.0/i586/libnet-snmp10-devel-5.3.1-2.1mdv2007.0.i586.rpm
b43cc33ca2b0fb582e69bbe52578e76a 2007.0/i586/libnet-snmp10-static-devel-5.3.1-2.1mdv2007.0.i586.rpm
e2ac837cd1eff29bb56f5fa964f59ed5 2007.0/i586/net-snmp-5.3.1-2.1mdv2007.0.i586.rpm
2434602e5d0a3133318600b4071cf4ea 2007.0/i586/net-snmp-mibs-5.3.1-2.1mdv2007.0.i586.rpm
d9336d2710c1a44531cdb790cd8f47cf 2007.0/i586/net-snmp-trapd-5.3.1-2.1mdv2007.0.i586.rpm
a1945889589568b420181a8a196d51ad 2007.0/i586/net-snmp-utils-5.3.1-2.1mdv2007.0.i586.rpm
cf8fd2357e80a805ab3210fd3a8f8d01 2007.0/i586/perl-NetSNMP-5.3.1-2.1mdv2007.0.i586.rpm
da66327183a153d054bbc5d70fde958c 2007.0/SRPMS/net-snmp-5.3.1-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7a4a25157d9a1e3b9cf4bf7af1205aa8 2007.0/x86_64/lib64net-snmp10-5.3.1-2.1mdv2007.0.x86_64.rpm
cab6a3e8bc7167656e38e5a429eb8c0a 2007.0/x86_64/lib64net-snmp10-devel-5.3.1-2.1mdv2007.0.x86_64.rpm
03f09f4fe99c381bda2603861f9644a2 2007.0/x86_64/lib64net-snmp10-static-devel-5.3.1-2.1mdv2007.0.x86_64.rpm
425489fcb707757a46e0c6105309e2ff 2007.0/x86_64/net-snmp-5.3.1-2.1mdv2007.0.x86_64.rpm
7df1fa9a564c63687621355561ba9eec 2007.0/x86_64/net-snmp-mibs-5.3.1-2.1mdv2007.0.x86_64.rpm
fe2aaae5507ae5122a7d30f9fd74eef5 2007.0/x86_64/net-snmp-trapd-5.3.1-2.1mdv2007.0.x86_64.rpm
ee1ae1d56af4b511b3bb2b1a986aa60a 2007.0/x86_64/net-snmp-utils-5.3.1-2.1mdv2007.0.x86_64.rpm
04393ea88742f3b05586a555d8ad81ec 2007.0/x86_64/perl-NetSNMP-5.3.1-2.1mdv2007.0.x86_64.rpm
da66327183a153d054bbc5d70fde958c 2007.0/SRPMS/net-snmp-5.3.1-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
fa0f200cd711f97684d9debfdeef3e15 2007.1/i586/libnet-snmp10-5.3.1-3.1mdv2007.1.i586.rpm
68c25bedfd4370a5fc0aa5ff934a2b1b 2007.1/i586/libnet-snmp10-devel-5.3.1-3.1mdv2007.1.i586.rpm
ecbd2c76a1ea3595594f10c66bea5772 2007.1/i586/libnet-snmp10-static-devel-5.3.1-3.1mdv2007.1.i586.rpm
04c676ae1290bbfbd7083252ae5b10dd 2007.1/i586/net-snmp-5.3.1-3.1mdv2007.1.i586.rpm
2a6c6befd5958c7c9c946d2189d2f128 2007.1/i586/net-snmp-mibs-5.3.1-3.1mdv2007.1.i586.rpm
5cd1e27c1af30157ead213324c440527 2007.1/i586/net-snmp-trapd-5.3.1-3.1mdv2007.1.i586.rpm
423682a7f455940da49272647925838e 2007.1/i586/net-snmp-utils-5.3.1-3.1mdv2007.1.i586.rpm
1ca18897188b7a34d98b146d65746477 2007.1/i586/perl-NetSNMP-5.3.1-3.1mdv2007.1.i586.rpm
f2a3a8df265da917384a4c0916b330a6 2007.1/SRPMS/net-snmp-5.3.1-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
9cdea571a84945accd6d38527b1bedb5 2007.1/x86_64/lib64net-snmp10-5.3.1-3.1mdv2007.1.x86_64.rpm
8352cb8ef1fac035ea009d696e1d5837 2007.1/x86_64/lib64net-snmp10-devel-5.3.1-3.1mdv2007.1.x86_64.rpm
5e54dd10e2f97bd2ee23f0a715ef734e 2007.1/x86_64/lib64net-snmp10-static-devel-5.3.1-3.1mdv2007.1.x86_64.rpm
3187463725a5b015d3f507ac4a723160 2007.1/x86_64/net-snmp-5.3.1-3.1mdv2007.1.x86_64.rpm
638d8c0a5d4be46ee1b9c2640ed7a061 2007.1/x86_64/net-snmp-mibs-5.3.1-3.1mdv2007.1.x86_64.rpm
c4f41ebf9bf64dfc5236bb935ee16c31 2007.1/x86_64/net-snmp-trapd-5.3.1-3.1mdv2007.1.x86_64.rpm
734133a9a7a860f90b76c8bd72a0ddd0 2007.1/x86_64/net-snmp-utils-5.3.1-3.1mdv2007.1.x86_64.rpm
b1f5da81f1c27888df5ba8f71279fb05 2007.1/x86_64/perl-NetSNMP-5.3.1-3.1mdv2007.1.x86_64.rpm
f2a3a8df265da917384a4c0916b330a6 2007.1/SRPMS/net-snmp-5.3.1-3.1mdv2007.1.src.rpm

Corporate 3.0:
748009feee8a9d4d904b7e77537ff791 corporate/3.0/i586/libnet-snmp5-5.1-7.3.C30mdk.i586.rpm
8ca0b75c8ec8e0839ae37335b04629ab corporate/3.0/i586/libnet-snmp5-devel-5.1-7.3.C30mdk.i586.rpm
a0c2d416faa87c016826b5f8616c3af3 corporate/3.0/i586/libnet-snmp5-static-devel-5.1-7.3.C30mdk.i586.rpm
99659604d3f40d23179b2b3138178e41 corporate/3.0/i586/net-snmp-5.1-7.3.C30mdk.i586.rpm
3f9e8c99d31dd0dd0d3e5364325370ac corporate/3.0/i586/net-snmp-mibs-5.1-7.3.C30mdk.i586.rpm
6bf842fa5664b91062fc74fac450aa90 corporate/3.0/i586/net-snmp-trapd-5.1-7.3.C30mdk.i586.rpm
ced36508ad4a349cf945d62823b556d5 corporate/3.0/i586/net-snmp-utils-5.1-7.3.C30mdk.i586.rpm
d8da239034cf799078cc3df5c5646501 corporate/3.0/SRPMS/net-snmp-5.1-7.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
d3f097f7389841deb188d7353c5fdf5c corporate/3.0/x86_64/lib64net-snmp5-5.1-7.3.C30mdk.x86_64.rpm
b53aea1a27f1c5a1e5515abb31ac70b0 corporate/3.0/x86_64/lib64net-snmp5-devel-5.1-7.3.C30mdk.x86_64.rpm
a910dfbb95c2dd8fe70ce1c62e743c03 corporate/3.0/x86_64/lib64net-snmp5-static-devel-5.1-7.3.C30mdk.x86_64.rpm
bfe1ba7a83f9afcacd9273eb6ebbd538 corporate/3.0/x86_64/net-snmp-5.1-7.3.C30mdk.x86_64.rpm
b6e7b70f0d7549f44850834b2542fb8f corporate/3.0/x86_64/net-snmp-mibs-5.1-7.3.C30mdk.x86_64.rpm
a5ab3548c27e86789e41248ab53e4982 corporate/3.0/x86_64/net-snmp-trapd-5.1-7.3.C30mdk.x86_64.rpm
3c57bfdfa6b4ac44adab12bda0131a2f corporate/3.0/x86_64/net-snmp-utils-5.1-7.3.C30mdk.x86_64.rpm
d8da239034cf799078cc3df5c5646501 corporate/3.0/SRPMS/net-snmp-5.1-7.3.C30mdk.src.rpm

Corporate 4.0:
0fac46c024f1cb4a8be101e69a942233 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.1.20060mlcs4.i586.rpm
857fcac472ce931834cccde0de2741e4 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.1.20060mlcs4.i586.rpm
112cceb5d76947959c251ecb1b157a3e corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.1.20060mlcs4.i586.rpm
ecf0b6386447f6442375cb39c60479cd corporate/4.0/i586/net-snmp-5.2.1.2-5.1.20060mlcs4.i586.rpm
72a4fa1c8af3cc00bfbb3d877d5c329a corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.1.20060mlcs4.i586.rpm
ab9ceaa6d9df42f687fe0c6790a2d266 corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.1.20060mlcs4.i586.rpm
c66e13b576028690583f0fa2318bee3f corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.1.20060mlcs4.i586.rpm
8aeab0a22ec99e5cde40593c883415aa corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.1.20060mlcs4.i586.rpm
b42c3b00b13c6cc458a0435dd4c7ff71 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
3bb05138c10885baa4db145f2ae6c726 corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
2ef53cc96353eefb27abf76bc83bd35f corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
14ce1bda23212a415cbdcc43b46813c2 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
f6e393154ee66701b8fb5d848aeb3d7e corporate/4.0/x86_64/net-snmp-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
77fcaeda03c9bed289ba9a7a6cc1ca48 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
e40ea44f385c0c92961fb11fa4013c02 corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
537f8597086053c4d5a56ebd7d35b9e3 corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
51b4c70346529ba7a88de89543d16040 corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.1.20060mlcs4.x86_64.rpm
b42c3b00b13c6cc458a0435dd4c7ff71 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
9210aef172a538942f490c89afb4022b mnf/2.0/i586/libnet-snmp5-5.1-7.3.M20mdk.i586.rpm
844c7d5cb0cec99e3cab16792cb7766e mnf/2.0/SRPMS/net-snmp-5.1-7.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHQaYcmqjQ0CJFipgRAtwPAKDBmKLrILjPOlBxv0HLu3YwQxbjFACfVRZM
+tyjwf62Xh9rba65JnJ1RtU=
=zmEd
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007225__updated_net_snmp_packages_fix_remote_denial_of_service_vulnerability.html)