-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:225 http://www.mandriva.com/security/ _______________________________________________________________________ Package : net-snmp Date : November 5, 2008 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash (CVE-2008-4309). Please note that for this to be successfully exploited, an attacker must have read access to the SNMP server. By default, the public community name grants read-only access, however it is recommended that the default community name be changed in production. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 63c576c59db3887c9ff46aea999af904 2008.0/i586/libnet-snmp15-5.4.1-1.2mdv2008.0.i586.rpm 208783bde426bc2994b25eac38a2f6f6 2008.0/i586/libnet-snmp-devel-5.4.1-1.2mdv2008.0.i586.rpm 68d9b48a792253fcb647cb44b024fc6a 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.2mdv2008.0.i586.rpm 837f701fa84fbf24f866332d374baea0 2008.0/i586/net-snmp-5.4.1-1.2mdv2008.0.i586.rpm 6b8e3cde829e41e882a2bbde8f70e5c0 2008.0/i586/net-snmp-mibs-5.4.1-1.2mdv2008.0.i586.rpm 9c8d0a70cd23f49af617ebd950ab913b 2008.0/i586/net-snmp-trapd-5.4.1-1.2mdv2008.0.i586.rpm 27f9666d87ad5c63a170fa515c2cfb79 2008.0/i586/net-snmp-utils-5.4.1-1.2mdv2008.0.i586.rpm fa774042539e5fa60662ea26cf5f79bb 2008.0/i586/perl-NetSNMP-5.4.1-1.2mdv2008.0.i586.rpm 62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7862778bf4b9262707dae0101a051e84 2008.0/x86_64/lib64net-snmp15-5.4.1-1.2mdv2008.0.x86_64.rpm 907423d895272503d6684a7f14618a97 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.2mdv2008.0.x86_64.rpm ba8972ac3af0a41754d7d830237be4a8 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.2mdv2008.0.x86_64.rpm 2f8efd6d1db501439a1da8b205c3ba4b 2008.0/x86_64/net-snmp-5.4.1-1.2mdv2008.0.x86_64.rpm bd431f5a0c11b796223911463216d236 2008.0/x86_64/net-snmp-mibs-5.4.1-1.2mdv2008.0.x86_64.rpm 929e4b2e24137d0aed30e012d2cbee25 2008.0/x86_64/net-snmp-trapd-5.4.1-1.2mdv2008.0.x86_64.rpm 80679956f6b8e3f8095f1767d34cf7c7 2008.0/x86_64/net-snmp-utils-5.4.1-1.2mdv2008.0.x86_64.rpm f8c2af7b036a33dbadf22498933c90b5 2008.0/x86_64/perl-NetSNMP-5.4.1-1.2mdv2008.0.x86_64.rpm 62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm Mandriva Linux 2008.1: aafe61f1aaaf2e13ef051fc1d7f5ab91 2008.1/i586/libnet-snmp15-5.4.1-5.2mdv2008.1.i586.rpm c7f2b5e4d5955a12b4df0fbf82f38544 2008.1/i586/libnet-snmp-devel-5.4.1-5.2mdv2008.1.i586.rpm f77c410069f938ae382fbee7012a349d 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.2mdv2008.1.i586.rpm 941b90ef50005b50829419575ab80ec1 2008.1/i586/net-snmp-5.4.1-5.2mdv2008.1.i586.rpm d8d459f3213cb97b2708c37c787a7035 2008.1/i586/net-snmp-mibs-5.4.1-5.2mdv2008.1.i586.rpm c753c1d4694d7b8c81f517c0c019accf 2008.1/i586/net-snmp-tkmib-5.4.1-5.2mdv2008.1.i586.rpm 69a0f39e0366cda18fb3cb7440adf2c8 2008.1/i586/net-snmp-trapd-5.4.1-5.2mdv2008.1.i586.rpm 825fe8ac0059480495d5f9f92b41775a 2008.1/i586/net-snmp-utils-5.4.1-5.2mdv2008.1.i586.rpm 61b88005dba39bdad7c18c2774fab3ed 2008.1/i586/perl-NetSNMP-5.4.1-5.2mdv2008.1.i586.rpm 1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: c4ddb52926754e188afa827365a9402d 2008.1/x86_64/lib64net-snmp15-5.4.1-5.2mdv2008.1.x86_64.rpm b71406ffbf1fddbe11d4e23636015043 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.2mdv2008.1.x86_64.rpm fbed296540545616ff8f248b32e7edf2 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.2mdv2008.1.x86_64.rpm 7e4f56fe2433fd5a80b3ec09ca801755 2008.1/x86_64/net-snmp-5.4.1-5.2mdv2008.1.x86_64.rpm 6275046a91fd1aea967f893720348f88 2008.1/x86_64/net-snmp-mibs-5.4.1-5.2mdv2008.1.x86_64.rpm c05711a0a2a0b69652c6d19e3c883e01 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.2mdv2008.1.x86_64.rpm 012b8391c5c49432d270d247e39fa64a 2008.1/x86_64/net-snmp-trapd-5.4.1-5.2mdv2008.1.x86_64.rpm d05bc5b73d566e16b76517fdd90f968d 2008.1/x86_64/net-snmp-utils-5.4.1-5.2mdv2008.1.x86_64.rpm d37bc36bd7a861f71fce000319904387 2008.1/x86_64/perl-NetSNMP-5.4.1-5.2mdv2008.1.x86_64.rpm 1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 67a289261b50a6ec4bbb74503ff15860 2009.0/i586/libnet-snmp15-5.4.2-2.1mdv2009.0.i586.rpm c0b057998d757e7988cac2276cc16d6a 2009.0/i586/libnet-snmp-devel-5.4.2-2.1mdv2009.0.i586.rpm 340271a223791169762e826744d1aab3 2009.0/i586/libnet-snmp-static-devel-5.4.2-2.1mdv2009.0.i586.rpm 4dad88af5b12b6001adc135e54a5f94c 2009.0/i586/net-snmp-5.4.2-2.1mdv2009.0.i586.rpm 41cc69981bd2dd2886f764f46a19c326 2009.0/i586/net-snmp-mibs-5.4.2-2.1mdv2009.0.i586.rpm 84ebcf44ee0d90e956d138ecafe7a9e0 2009.0/i586/net-snmp-tkmib-5.4.2-2.1mdv2009.0.i586.rpm d9ff03f1bb268735f27d4e70e441675a 2009.0/i586/net-snmp-trapd-5.4.2-2.1mdv2009.0.i586.rpm 7d4891eb14e73c8f53cd7bee93dcab4b 2009.0/i586/net-snmp-utils-5.4.2-2.1mdv2009.0.i586.rpm 66d9db711d7064d6326c50414ffe945b 2009.0/i586/perl-NetSNMP-5.4.2-2.1mdv2009.0.i586.rpm 142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d9b76860696183041c5431b28c133d79 2009.0/x86_64/lib64net-snmp15-5.4.2-2.1mdv2009.0.x86_64.rpm 3868b49eec570997ec1bce4603fdb5b1 2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.1mdv2009.0.x86_64.rpm fde92f379f3e6f5d8e3cd307e0d3866d 2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.1mdv2009.0.x86_64.rpm 1265e20f1d23728a740ce3e23f6df279 2009.0/x86_64/net-snmp-5.4.2-2.1mdv2009.0.x86_64.rpm e799c8dbd928539d2993f3a4268cf4fc 2009.0/x86_64/net-snmp-mibs-5.4.2-2.1mdv2009.0.x86_64.rpm f34b37e106fe535c6262c0a20824cb71 2009.0/x86_64/net-snmp-tkmib-5.4.2-2.1mdv2009.0.x86_64.rpm dc838be5485af308d3f560dd3dd23845 2009.0/x86_64/net-snmp-trapd-5.4.2-2.1mdv2009.0.x86_64.rpm 66be00a8327d9e0b9fcd4fb22829fd85 2009.0/x86_64/net-snmp-utils-5.4.2-2.1mdv2009.0.x86_64.rpm b22b8c100f8b74be46f87cd9e33bdee3 2009.0/x86_64/perl-NetSNMP-5.4.2-2.1mdv2009.0.x86_64.rpm 142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm Corporate 4.0: e830fee5189a6d99235f8b5465cf1cf8 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.3.20060mlcs4.i586.rpm a2b4e29f175d2f9cc0ad8709edbbbd87 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm 741b5e8a9a8ecaf6f4a2d4849e45bd2f corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm 94da62fa6bdc660c23e308111f73665e corporate/4.0/i586/net-snmp-5.2.1.2-5.3.20060mlcs4.i586.rpm 373a8f3e0bffea791d866c35dab6f2fa corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.i586.rpm 002e256aa1c2b0179894f0df8e10e70e corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.i586.rpm 23ccf736576e9002e84c09db16953ee6 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.i586.rpm 13dc4a180a0be9c5afe36168278ffdf3 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.i586.rpm d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7095df865e54764c051f10040b4de25d corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 96a8dbf8ec18e76e4fddf52b2d19b93d corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 9af9807629580025cc1cdaba78826153 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 91d6d06059463804ae085bf42a702132 corporate/4.0/x86_64/net-snmp-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 47e44f0f67b04eae0c63ab9fc6636f10 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 478577d14048824ef556371e43892f0e corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 2766c681f5366ac9e9bfa74ff7388bd5 corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 4ea12420b159bcecc5d7b2cef2bdeb8b corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.x86_64.rpm d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJEdTsmqjQ0CJFipgRAk0yAJ91M1kRkgQqJovhGgIaofqwrLlWQgCglLwu 8ZyyTGYX15oaOsh4j4Mq4AU= =qPXg -----END PGP SIGNATURE-----