USN-190-2: ucs-snmp vulnerability
Posted on: 11/21/2005 12:22 PM

A new ucs-snmp vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-190-2 November 21, 2005
ucd-snmp vulnerability
CVE-2005-2177
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsnmp4.2

The problem can be corrected by upgrading the affected package to
version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04
(for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a
standard system upgrade you need to restart the cyrus email
server with

/etc/init.d/cyrus21 restart

(with root privileges, e. g. with using sudo).

Details follow:

USN-190-1 fixed a vulnerability in the net-snmp library. It was
discovered that the same problem also affects the ucs-snmp
implementation (which is used by the Cyrus email server).

Original advisory:

A remote Denial of Service has been discovered in the SMNP (Simple
Network Management Protocol) library. If a SNMP agent uses TCP sockets
for communication, a malicious SNMP server could exploit this to crash
the agent. Please note that by default SNMP uses UDP sockets.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz
Size/MD5: 69622 5861e6945830eacba4c2094c94699aaf
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc
Size/MD5: 779 4cbc553d37af0c9db4a9c6d1471547c0
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 528770 ea77ab507ff3c90d4334e0dbaefbcfc6
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 648804 7922cb95648180a9e1d7a4d07af84523

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 457638 5af1620e60bc63d7d58c801c599a6fb4
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 624278 4c2e603b958d7fd5ca4005a8d68cfaef

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 601122 9bbcd21251c92c8244158d3ef2893b5d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 615504 b4510e4e2eb589246c3e6ab9d3d2cbbc

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz
Size/MD5: 69622 1f2f355dcc1d8a74740c75c336c7d64f
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc
Size/MD5: 779 108154374c1784cd2a4372053773bd07
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 528818 bbca4da8fd1dfdfdd75f421ebe7e7b95
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 648844 36f2c9547e261603317c1b87d8e528a5

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 458084 d51dc298a88baa36c07aab3ca57a27dc
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 624800 80ddcb36a6597c811eb793f965e7b34f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 601120 b837c24ba5e35fd876e10d20ffc3b72b
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 615470 8739aefd6ccee20d2deacd3b0b0c0fb2

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz
Size/MD5: 69879 6ef2cb3af6867a1456b473088261cc93
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc
Size/MD5: 774 e9be486552af55a156c37d82b8e5934d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 551274 d75072859288156d876eb61ec0b1d9b9
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 663934 7f7ca12df144769d40dd1168fc36c679

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 465532 2669a212a3b23706f725e5d95167e143
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 619630 bddb573c1ffb88c5d722b91f27102a07

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 589426 02710f1b81d7406f246a56e5332600ac
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 628922 e6048dcafdfbda76fe3efa91fe78324b

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDgap/DecnbV4Fd/IRAtsPAKC7AipbaoTVmsE0PfAknpvjQnHAbgCg2Tel
A6C5DNvXN2bJQprzU28bUXE=
=U7sd
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_190_2_ucs_snmp_vulnerability.html)