Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-946-1] Net-SNMP vulnerability
From: Kees Cook <kees () ubuntu com>
Date: Wed, 2 Jun 2010 13:30:57 -0700

===========================================================
Ubuntu Security Notice USN-946-1              June 02, 2010
net-snmp vulnerability
CVE-2008-6123
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libsnmp15                       5.4.2.1~dfsg0ubuntu1-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

Details follow:

The SNMP server did not correctly validate certain UDP clients when using
TCP wrappers.  Under some situations, a remote attacker could bypass
access restrictions and communicate with the SNMP server, potentially
leading to a loss of privacy or a denial of service.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1.diff.gz
      Size/MD5:    50255 029256b1a7e3dfc888973b3199fc4cae
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1.dsc
      Size/MD5:     1914 bc412bb0a72b617ca9024e406fbb2afb
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.2.1~dfsg0ubuntu1.orig.tar.gz
      Size/MD5:  4629563 cf417b0efce82a852b6bf580932abd30

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_all.deb
      Size/MD5:  1334534 1727057ca12e53c62341f40ad5c2f715
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_all.deb
      Size/MD5:   961194 d2f6f4fcae5c1a2e13f94a71474330e6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:  1821534 1f63a26a9442e80ea642c79c994325c9
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:   145272 4fb87b4072498a6bc8ed9d459b28a0cc
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:  1531046 a9a557c93996743685467872e8daf27c
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:  2178134 917bf64afba3961074a9acaacb7deabf
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:  1035850 08a4efe23061921b8e31e7a44a6e7b42
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:   953198 0b55e8ebe0d0cb817f35ac215863ae51
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_amd64.deb
      Size/MD5:   896436 fe7b9769d047531a1a023846bf2473fa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:  1576112 6e3ff9cae32dbaa3df6b68a67ffcfcf0
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:   142000 f541888c1f926269e7d84282043457be
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:  1530056 77c4e2bc96802bb256b07d1b10b7acd5
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:  2057450 94dcc771caef32458d80928f38c670a3
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:  1026320 7bc92b1f6d0ff3aeed09e4415416c4af
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:   949472 ebbc700be30b0c11e93368850ec62f75
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_i386.deb
      Size/MD5:   895424 6826be9b31d4f135869de1fde300476c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:  1910436 110e0536e0b44d83ef5a9b474d2c1806
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:   146512 942b19acb68679ada9676d061bd547da
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:  1574948 ad736ea8604e01f02825b12c8c43bf87
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:  2114854 2f044cc3b6fc0be85e412fa7d4c7a480
    http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:  1030402 e1813a035ca31cc9fa5856ee571b6a57
    http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:   950300 074a5279f56ed513cba85a7f675c5604
    http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_powerpc.deb
      Size/MD5:   896144 89ecf0967a05fd9eb822634742a7e551

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:  1804950 cb4b6465b5708f30d5bc13f796f26249
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:   138236 22e9cffa177820f548e0a33a5a5e281c
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:  1403642 be2d9ddf617e18b4fb1bf3d4a56670e7
    http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:  2072232 4b4c74cd693ceccb382aa1c76890676c
    http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:  1034014 232cf7a6c0f838aa40edf6ac659a748a
    http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:   952498 c03e906338d5f8923bb2358defa5e1d1
    http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.2.1~dfsg0ubuntu1-0ubuntu2.1_sparc.deb
      Size/MD5:   896602 71ecde10a5577ee3ad08e7bfb59883b1

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-946-1] Net-SNMP vulnerability Kees Cook (Jun 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]