=========================================================== Ubuntu Security Notice USN-564-1 January 09, 2008 net-snmp vulnerability CVE-2007-5846 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: snmpd 5.2.1.2-4ubuntu2.2 Ubuntu 6.10: snmpd 5.2.2-5ubuntu1.1 Ubuntu 7.04: snmpd 5.2.3-4ubuntu1.1 Ubuntu 7.10: snmpd 5.3.1-6ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.2.diff.gz Size/MD5: 73469 41775878adc65a77a8f0acabcef54ab8 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.2.dsc Size/MD5: 792 42f89c30812b939e85467c85e6fac226 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.2_all.deb Size/MD5: 1152224 552811fe821c44389f39be7bf99b3c4d http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.2_all.deb Size/MD5: 822818 44bdfbc8d77284f280b88b1bda231157 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.2_amd64.deb Size/MD5: 896350 1d27487c8ce8afc0c6c4688ce54e4775 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.2_amd64.deb Size/MD5: 1497140 7c185087e208e401d66e5bcd85a78156 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.2_amd64.deb Size/MD5: 1826138 d40338391c1589dbb4bd99788573155d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.2_amd64.deb Size/MD5: 889174 44d8802d139aa86e39c44e6ebec5ad00 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.2_amd64.deb Size/MD5: 796960 d28e9ab286356e115c261da9ecf88854 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.2_i386.deb Size/MD5: 896600 9102e1256c2d1464572a1adbf89b6ed8 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.2_i386.deb Size/MD5: 1268010 60b2ac1de7d02cdb2bc932fb46d5682f http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.2_i386.deb Size/MD5: 1709928 4f6911acca12eccc4b5f1fdaaf230ee5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.2_i386.deb Size/MD5: 881708 01245c4c3b5fff0309ec910b11f195c5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.2_i386.deb Size/MD5: 794548 76c51ee892ff1a3b5454f91dddcadb3a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.2_powerpc.deb Size/MD5: 912752 183fcacf4ca2927f38762fff88e7b1bb http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.2_powerpc.deb Size/MD5: 1589534 fc72c8071bc84c8efbd339205f6cfa1d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.2_powerpc.deb Size/MD5: 1727688 c649f57531b9a93b9df566c4b49399d3 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.2_powerpc.deb Size/MD5: 898478 31322dddba48aaec12e04a7f99faa5b0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.2_powerpc.deb Size/MD5: 795888 3500f9e5b40b455fe02df2b4b0881686 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.2_sparc.deb Size/MD5: 896596 789446291f97bb2087ef66e11dc46807 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.2_sparc.deb Size/MD5: 1485236 743b265bb622dee4985a81ccd2849212 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.2_sparc.deb Size/MD5: 1706406 1e8d240a3856a6e162390ce648014da5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.2_sparc.deb Size/MD5: 883052 f745bed88034440c642eb890e51aef47 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.2_sparc.deb Size/MD5: 796262 2b59e49ac4ab33d8988090a3d8f0ac68 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.2-5ubuntu1.1.diff.gz Size/MD5: 85905 f6670282d3b9a3b61600f75d6c615d4c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.2-5ubuntu1.1.dsc Size/MD5: 912 0c152276802af6802293bb2acb31d736 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.2.orig.tar.gz Size/MD5: 3919826 2d9cdf956d6be5c5fcf2f898b403389b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.2-5ubuntu1.1_all.deb Size/MD5: 1186736 51fb32031f718cc898591eab082215c8 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.2-5ubuntu1.1_all.deb Size/MD5: 842000 d0365dc642323eed4a09a1ecb8baba95 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.2-5ubuntu1.1_amd64.deb Size/MD5: 905072 5fc7fd74e7e9985a9f4746aa030355a8 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.2-5ubuntu1.1_amd64.deb Size/MD5: 1563940 88e95e1f8ee0b20e1ca3b30c813f38b0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.2-5ubuntu1.1_amd64.deb Size/MD5: 1885956 071d31bb45e135e8a6046e9a92873ba6 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.2-5ubuntu1.1_amd64.deb Size/MD5: 917756 8c7ca19485b11096a646fce63110d27f http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.2-5ubuntu1.1_amd64.deb Size/MD5: 820400 8f83a2b9dfaa58ec9c4a064c8bb33b67 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.2-5ubuntu1.1_i386.deb Size/MD5: 902992 40cbc067400821e71fa10c79c24379de http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.2-5ubuntu1.1_i386.deb Size/MD5: 1371084 54f29b6d874c515f2c3cf604fedf1fc4 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.2-5ubuntu1.1_i386.deb Size/MD5: 1815144 bfd1ade685311f8a1630d4c817cf1de8 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.2-5ubuntu1.1_i386.deb Size/MD5: 913192 1b207425815b3f08388bbd36061f06d6 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.2-5ubuntu1.1_i386.deb Size/MD5: 819338 df39052931c11691be9fd82f1d3d6d7f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.2-5ubuntu1.1_powerpc.deb Size/MD5: 915174 6c4118eae2d059b9984c49995eed8f70 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.2-5ubuntu1.1_powerpc.deb Size/MD5: 1665488 29b7f8ae66c22f8b4f339473edb12018 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.2-5ubuntu1.1_powerpc.deb Size/MD5: 1794320 0d70c20b13fa3b2d76473186a4c96bd0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.2-5ubuntu1.1_powerpc.deb Size/MD5: 929030 ed51973cc0b046835933d798ca70cbe6 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.2-5ubuntu1.1_powerpc.deb Size/MD5: 820376 99c1560ae0c13cdcb97f560e0916dbc3 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.2-5ubuntu1.1_sparc.deb Size/MD5: 906028 aac738a6a7d278ab892a9ab012338a50 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.2-5ubuntu1.1_sparc.deb Size/MD5: 1558794 7a7c59ac232b3058e1f54b03d7d0fa25 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.2-5ubuntu1.1_sparc.deb Size/MD5: 1774490 daf98b61f447e7f8ae1220529cc51981 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.2-5ubuntu1.1_sparc.deb Size/MD5: 912654 80f1a9135ebc5c341f5c650a98a8e468 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.2-5ubuntu1.1_sparc.deb Size/MD5: 819560 b5d1598330b532ecc0fa1c7071fef678 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.3-4ubuntu1.1.diff.gz Size/MD5: 88724 f46ba058238ea3ad5196afdac786e140 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.3-4ubuntu1.1.dsc Size/MD5: 959 a16917ef90b787da88e04eb80bc4fbce http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz Size/MD5: 4006389 ba4bc583413f90618228d0f196da8181 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.3-4ubuntu1.1_all.deb Size/MD5: 1200608 58f2414d3a63d31b6840be871e5222bd http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.3-4ubuntu1.1_all.deb Size/MD5: 855132 87cee1752976e00ca0012f55216dc284 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.3-4ubuntu1.1_amd64.deb Size/MD5: 919170 721b9d47700df4178b58faf15149e034 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.3-4ubuntu1.1_amd64.deb Size/MD5: 1567048 d8506073a134fbb6cdb68691893f27d7 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.3-4ubuntu1.1_amd64.deb Size/MD5: 1925878 386f5dfefd3c007332c7e502fd02fa1c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.3-4ubuntu1.1_amd64.deb Size/MD5: 933078 e671bd51c3b52dbeee2b0d41f235b4f7 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.3-4ubuntu1.1_amd64.deb Size/MD5: 834524 49ed1155f0b3e846512b3b689baefdbd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.3-4ubuntu1.1_i386.deb Size/MD5: 916844 8fe741bc696d05911867970702995b42 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.3-4ubuntu1.1_i386.deb Size/MD5: 1372676 a384a9fe481de94b646b263bf90ec53e http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.3-4ubuntu1.1_i386.deb Size/MD5: 1855608 760f3a4ddead08c5cfa7ac317f33684d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.3-4ubuntu1.1_i386.deb Size/MD5: 927768 3aabd8d29b7217e32e69fa9e4d827e1e http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.3-4ubuntu1.1_i386.deb Size/MD5: 833478 a184b09a572c681eeb0fca178413246d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.3-4ubuntu1.1_powerpc.deb Size/MD5: 934542 6563484070527a4a996a2f22e3105bec http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.3-4ubuntu1.1_powerpc.deb Size/MD5: 1666434 23e0ec62b1a5c0c40b7e46f186d87d43 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.3-4ubuntu1.1_powerpc.deb Size/MD5: 1884162 5c166590beb41f6cd5094bf52ca17724 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.3-4ubuntu1.1_powerpc.deb Size/MD5: 955078 3289645a510d25b5def926701e46a17c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.3-4ubuntu1.1_powerpc.deb Size/MD5: 837892 404cca940a2021cf4accfdbdf5dfe7ff sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.3-4ubuntu1.1_sparc.deb Size/MD5: 919810 22f1639c562e6ddfbaebf639e33682c7 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.3-4ubuntu1.1_sparc.deb Size/MD5: 1561300 135f5a4bdff1e15d8ea35da70dda9a57 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.3-4ubuntu1.1_sparc.deb Size/MD5: 1813594 985d30ab5c3b5c3ca27aea7000db4a3b http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.3-4ubuntu1.1_sparc.deb Size/MD5: 931400 035c8c7213c2ef024d37afeb209feedd http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.3-4ubuntu1.1_sparc.deb Size/MD5: 834718 ca209ce89bc14ad251198a06afcd2f3b Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.1.diff.gz Size/MD5: 93272 326970b465de8674a77cb6ad785ababc http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.1.dsc Size/MD5: 1241 8aa8cea0eccc4a953432bc47eafc0bc2 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.1_all.deb Size/MD5: 484190 0a4dd5fa50e5c4a16a65a6b1865ff06b http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.1_all.deb Size/MD5: 901114 8719e970df55e3d2635b2485f373bc82 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.1_amd64.deb Size/MD5: 2541538 94351d6a4ca658343cad4eacd364c78e http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.1_amd64.deb Size/MD5: 968516 5ae530e16c4e3fd4287e7235cc7b132f http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.1_amd64.deb Size/MD5: 1200560 fa04a42c709acc0c50414909863b9633 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.1_amd64.deb Size/MD5: 996100 720ba7ddc9556e5273e862e124f25ff0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.1_amd64.deb Size/MD5: 908606 86ab03b0ae235fae7ad7af53946a9a6c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.1_i386.deb Size/MD5: 2321010 81c78b2b879e916babf2465e71f86cdb http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.1_i386.deb Size/MD5: 966660 cbc04d494605f8024a2171f8ff5fdef4 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.1_i386.deb Size/MD5: 1123664 02a985337db7c1d5e8fbfe1e0e25e940 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.1_i386.deb Size/MD5: 991474 134382c2b82a23087ed31873445cc868 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.1_i386.deb Size/MD5: 907350 eed861cc66bd71bddecf6d9def6023f6 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.1_powerpc.deb Size/MD5: 2640270 9ce74bb6c02b24ddf485ee5017c0db98 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.1_powerpc.deb Size/MD5: 985342 720b0f6b5d42bd63011e5d24eb4dc950 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.1_powerpc.deb Size/MD5: 1153902 991f5cdc21d72c18a4b1823d46e8deb1 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.1_powerpc.deb Size/MD5: 1018106 5fe3e52ed215866bf27eeb459b03f230 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.1_powerpc.deb Size/MD5: 911704 f557e7bb620a734214ddb253c58e3690 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.1_sparc.deb Size/MD5: 2527436 9b0dd3ffc350274e6d3b7b2cd88f9945 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.1_sparc.deb Size/MD5: 969850 0040e82b8f8b0ca2e56223f30eeac457 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.1_sparc.deb Size/MD5: 1078438 f0bf75e1e5ba35e2fab091d79f5dddab http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.1_sparc.deb Size/MD5: 994804 d6e36365a7069c744948a5d67a77724b http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.1_sparc.deb Size/MD5: 908496 66ed8621460748ad301c1ca490f678d3