Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-190-2: ucs-snmp vulnerability
Posted by Bob on: 11/21/2005 12:22 PM [ Print | 0 comment(s) ]
A new ucs-snmp vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-190-2 November 21, 2005
ucd-snmp vulnerability
CVE-2005-2177
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libsnmp4.2
The problem can be corrected by upgrading the affected package to
version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04
(for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a
standard system upgrade you need to restart the cyrus email
server with
/etc/init.d/cyrus21 restart
(with root privileges, e. g. with using sudo).
Details follow:
USN-190-1 fixed a vulnerability in the net-snmp library. It was
discovered that the same problem also affects the ucs-snmp
implementation (which is used by the Cyrus email server).
Original advisory:
A remote Denial of Service has been discovered in the SMNP (Simple
Network Management Protocol) library. If a SNMP agent uses TCP sockets
for communication, a malicious SNMP server could exploit this to crash
the agent. Please note that by default SNMP uses UDP sockets.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz
Size/MD5: 69622 5861e6945830eacba4c2094c94699aaf
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc
Size/MD5: 779 4cbc553d37af0c9db4a9c6d1471547c0
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 528770 ea77ab507ff3c90d4334e0dbaefbcfc6
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 648804 7922cb95648180a9e1d7a4d07af84523
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 457638 5af1620e60bc63d7d58c801c599a6fb4
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 624278 4c2e603b958d7fd5ca4005a8d68cfaef
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 601122 9bbcd21251c92c8244158d3ef2893b5d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 615504 b4510e4e2eb589246c3e6ab9d3d2cbbc
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz
Size/MD5: 69622 1f2f355dcc1d8a74740c75c336c7d64f
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc
Size/MD5: 779 108154374c1784cd2a4372053773bd07
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 528818 bbca4da8fd1dfdfdd75f421ebe7e7b95
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 648844 36f2c9547e261603317c1b87d8e528a5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 458084 d51dc298a88baa36c07aab3ca57a27dc
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 624800 80ddcb36a6597c811eb793f965e7b34f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 601120 b837c24ba5e35fd876e10d20ffc3b72b
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 615470 8739aefd6ccee20d2deacd3b0b0c0fb2
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz
Size/MD5: 69879 6ef2cb3af6867a1456b473088261cc93
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc
Size/MD5: 774 e9be486552af55a156c37d82b8e5934d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 551274 d75072859288156d876eb61ec0b1d9b9
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 663934 7f7ca12df144769d40dd1168fc36c679
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 465532 2669a212a3b23706f725e5d95167e143
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 619630 bddb573c1ffb88c5d722b91f27102a07
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 589426 02710f1b81d7406f246a56e5332600ac
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 628922 e6048dcafdfbda76fe3efa91fe78324b
--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgap/DecnbV4Fd/IRAtsPAKC7AipbaoTVmsE0PfAknpvjQnHAbgCg2Tel
A6C5DNvXN2bJQprzU28bUXE=
=U7sd
-----END PGP SIGNATURE-----
ucd-snmp vulnerability
CVE-2005-2177
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libsnmp4.2
The problem can be corrected by upgrading the affected package to
version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04
(for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a
standard system upgrade you need to restart the cyrus email
server with
/etc/init.d/cyrus21 restart
(with root privileges, e. g. with using sudo).
Details follow:
USN-190-1 fixed a vulnerability in the net-snmp library. It was
discovered that the same problem also affects the ucs-snmp
implementation (which is used by the Cyrus email server).
Original advisory:
A remote Denial of Service has been discovered in the SMNP (Simple
Network Management Protocol) library. If a SNMP agent uses TCP sockets
for communication, a malicious SNMP server could exploit this to crash
the agent. Please note that by default SNMP uses UDP sockets.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz
Size/MD5: 69622 5861e6945830eacba4c2094c94699aaf
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc
Size/MD5: 779 4cbc553d37af0c9db4a9c6d1471547c0
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 528770 ea77ab507ff3c90d4334e0dbaefbcfc6
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb
Size/MD5: 648804 7922cb95648180a9e1d7a4d07af84523
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 457638 5af1620e60bc63d7d58c801c599a6fb4
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb
Size/MD5: 624278 4c2e603b958d7fd5ca4005a8d68cfaef
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 601122 9bbcd21251c92c8244158d3ef2893b5d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb
Size/MD5: 615504 b4510e4e2eb589246c3e6ab9d3d2cbbc
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz
Size/MD5: 69622 1f2f355dcc1d8a74740c75c336c7d64f
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc
Size/MD5: 779 108154374c1784cd2a4372053773bd07
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 528818 bbca4da8fd1dfdfdd75f421ebe7e7b95
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb
Size/MD5: 648844 36f2c9547e261603317c1b87d8e528a5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 458084 d51dc298a88baa36c07aab3ca57a27dc
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb
Size/MD5: 624800 80ddcb36a6597c811eb793f965e7b34f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 601120 b837c24ba5e35fd876e10d20ffc3b72b
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb
Size/MD5: 615470 8739aefd6ccee20d2deacd3b0b0c0fb2
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz
Size/MD5: 69879 6ef2cb3af6867a1456b473088261cc93
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc
Size/MD5: 774 e9be486552af55a156c37d82b8e5934d
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz
Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 551274 d75072859288156d876eb61ec0b1d9b9
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb
Size/MD5: 663934 7f7ca12df144769d40dd1168fc36c679
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 465532 2669a212a3b23706f725e5d95167e143
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb
Size/MD5: 619630 bddb573c1ffb88c5d722b91f27102a07
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 589426 02710f1b81d7406f246a56e5332600ac
http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb
Size/MD5: 628922 e6048dcafdfbda76fe3efa91fe78324b
--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgap/DecnbV4Fd/IRAtsPAKC7AipbaoTVmsE0PfAknpvjQnHAbgCg2Tel
A6C5DNvXN2bJQprzU28bUXE=
=U7sd
-----END PGP SIGNATURE-----
