ID

VAR-200810-0643

CVE

CVE-2008-4309

TITLE

net-snmp of netsnmp_create_subtree_cache Integer overflow vulnerability in functions

DESCRIPTION

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. net-snmp of netsnmp_create_subtree_cache Functions include SNMP GETBULK An integer overflow vulnerability exists due to a flaw in processing requests.Crafted by a third party SNMP GETBULK Service interruption due to request (DoS) There is a possibility of being put into a state. Net-SNMP is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue affects versions *prior to* the following: Net-SNMP 5.2.5.1 Net-SNMP 5.3.2.3 Net-SNMP 5.4.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200901-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Net-SNMP: Denial of Service Date: January 21, 2009 Bugs: #245306 ID: 200901-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in Net-SNMP could lead to a Denial of Service. Background ========== Net-SNMP is a collection of tools for generating and retrieving SNMP data. NOTE: The attacker needs to know the community string to exploit this vulnerability. Workaround ========== Restrict access to trusted entities only. Resolution ========== All Net-SNMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1" References ========== [ 1 ] CVE-2008-4309 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200901-15.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This net-snmp update fixes a divide-by- zero flaw in the snmpd daemon. This vulnerability was introduced by an incorrect fix for CVE-2008-4309. Note: After installing the previous patch for net-snmp (ESX350-200901409-SG), running the snmpbulkwalk command with the parameter -CnX results in no output, and the snmpd daemon stops. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is now available and addresses the following: CVE-ID: CVE-2008-4309 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may terminate the operation of the SNMP service Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. By default, the 'WAN SNMP' configuration option is disabled, and the SNMP service is accessible only to other devices on the local network. This issue is addressed by applying the Net-SNMP patches. CVE-ID: CVE-2009-2189 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: Receiving a large number of IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets from a system on the local network may cause the base station to restart Description: A resource consumption issue exists in the base station's handling of Router Advertisement (RA) and Neighbor Discovery (ND) packets. A system on the local network may send a large number of RA and ND packets that could exhaust the base station's resources, causing it to restart unexpectedly. This issue is addressed by rate limiting incoming ICMPv6 packets. Credit to Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this issue. CVE-ID: CVE-2010-0039 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: An attacker may be able to query services behind an AirPort Base Station or Time Capsule's NAT from the source IP of the router, if any system behind the NAT has a portmapped FTP server Description: The AirPort Extreme Base Station and Time Capsule's Application-Level Gateway (ALG) rewrites incoming FTP traffic, including PORT commands, to appear as if it is the source. An attacker with write access to an FTP server inside the NAT may issue a malicious PORT command, causing the ALG to send attacker-supplied data to an IP and port behind the NAT. As the data is resent from the Base Station, it could potentially bypass any IP-based restrictions for the service. This issue is addressed by not rewriting inbound PORT commands via the ALG. Credit to Sabahattin Gucukoglu for reporting this issue. CVE-ID: CVE-2009-1574 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference in racoon's handling of fragmented ISAKMP packets may allow a remote attacker to cause an unexpected termination of the racoon daemon. This issue is addressed through improved validation of fragmented ISAKMP packets. CVE-ID: CVE-2010-1804 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may cause the device to stop processing network traffic Description: An implementation issue exists in the network bridge. Sending a maliciously crafted DHCP reply to the device may cause it to stop responding to network traffic. This issue affects devices that have been configured to act as a bridge, or are configured in Network Address Translation (NAT) mode with a default host enabled. By default, the device operates in NAT mode, and no default host is configured. This update addresses the issue through improved handling of DHCP packets on the network bridge. Credit to Stefan R. Filipek for reporting this issue. Installation note for Firmware version 7.5.2 Firmware version 7.5.2 is installed into Time Capsule or AirPort Base Station with 802.11n via AirPort Utility, provided with the device. It is recommended that AirPort Utility 5.5.2 be installed before upgrading to Firmware version 7.5.2. AirPort Utility 5.5.2 may be obtained through Apple's Software Download site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD 3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY= =WPH8 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0001 Synopsis: ESX patches address an issue loading corrupt virtual disks and update Service Console packages Issue date: 2009-01-30 Updated on: 2009-01-30 (initial release of advisory) CVE numbers: CVE-2008-4914 CVE-2008-4309 CVE-2008-4226 CVE-2008-4225 - ------------------------------------------------------------------------ 1. Summary Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2. 2. Relevant releases VMware ESXi 3.5 without patch ESXe350-200901401-I-SG VMware ESX 3.5 without patches ESX350-200901401-SG, ESX350-200901409-SG, ESX350-200901410-SG VMware ESX 3.0.3 without patches ESX303-200901405-SG, ESX303-200901406-SG VMware ESX 3.0.2 without patches ESX-1007673, ESX-1007674 NOTE: Extended support for ESX 3.5 Update 1 ends on 7/25/2009, users should plan to upgrade to at least ESX 3.5 Update 2 by that time. Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. 3. Problem Description a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi ESXe350-200901401-I-SG ESX 3.5 ESX ESX350-200901401-SG ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200901409-SG ESX 3.0.3 ESX ESX303-200901405-SG ESX 3.0.2 ESX ESX-1007673 ESX 2.5.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200901410-SG ESX 3.0.3 ESX ESX303-200901406-SG ESX 3.0.2 ESX ESX-1007674 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESXi ---- ESXi 3.5 patch ESXe350-200901401-I-SG http://download3.vmware.com/software/vi/ESXe350-200901401-O-SG.zip md5sum: 588dc7bfdee4e4c5ac626906c37fc784 http://kb.vmware.com/kb/1006661 NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file. ESX --- ESX 3.5 patch ESX350-200901401-SG (VMDK) http://download3.vmware.com/software/vi/ESX350-200901401-SG.zip md5sum: 2769ac30078656b01ca1e2fdfa3230e9 http://kb.vmware.com/kb/1006651 ESX 3.5 patch ESX350-200901409-SG (net-snmp) http://download3.vmware.com/software/vi/ESX350-200901409-SG.zip md5sum: 2c75cd848d9f3c51619b9a7bd60d20a3 http://kb.vmware.com/kb/1006659 ESX 3.5 patch ESX350-200901410-SG (libxml2) http://download3.vmware.com/software/vi/ESX350-200901410-SG.zip md5sum: 061f96373244e7eab3f0d5fe2415ce91 http://kb.vmware.com/kb/1006660 ESX 3.0.3 patch ESX303-200901405-SG (net-snmp) http://download3.vmware.com/software/vi/ESX303-200901405-SG.zip md5sum: 9983b63a1e2dc7fb3d80f0021c1c347c http://kb.vmware.com/kb/1007681 ESX 3.0.3 patch ESX303-200901406-SG (libxml2) http://download3.vmware.com/software/vi/ESX303-200901406-SG.zip md5sum: 2d5a827ccaf406a54dd3a5affee39db0 http://kb.vmware.com/kb/1007682 ESX 3.0.2 patch ESX-1007673 (net-snmp) http://download3.vmware.com/software/vi/ESX-1007673.tgz md5sum: af4a36d2b4d731177210c789df844974 http://kb.vmware.com/kb/1007673 ESX 3.0.2 patch ESX-1007674 (libxml2) http://download3.vmware.com/software/vi/ESX-1007674.tgz md5sum: fb4b5e9a03dea5b9e24cc0766ddd2581 http://kb.vmware.com/kb/1007674 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4914 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 - ------------------------------------------------------------------------ 6. Change log 2009-01-30 VMSA-2009-0001 Initial security advisory after release of patches for ESXi, ESX 3.5, ESX 3.0.3, ESX 3.0.2 on 2009-01-30. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFJhAYnS2KysvBH1xkRAiqwAJ47A5mvajtIwB6kZCcNcvUGoraANACbBTsD cgkdo5JKkJLgol+Y2VXW1co= =PvKt -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . By default, the public community name grants read-only access, however it is recommended that the default community name be changed in production. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 63c576c59db3887c9ff46aea999af904 2008.0/i586/libnet-snmp15-5.4.1-1.2mdv2008.0.i586.rpm 208783bde426bc2994b25eac38a2f6f6 2008.0/i586/libnet-snmp-devel-5.4.1-1.2mdv2008.0.i586.rpm 68d9b48a792253fcb647cb44b024fc6a 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.2mdv2008.0.i586.rpm 837f701fa84fbf24f866332d374baea0 2008.0/i586/net-snmp-5.4.1-1.2mdv2008.0.i586.rpm 6b8e3cde829e41e882a2bbde8f70e5c0 2008.0/i586/net-snmp-mibs-5.4.1-1.2mdv2008.0.i586.rpm 9c8d0a70cd23f49af617ebd950ab913b 2008.0/i586/net-snmp-trapd-5.4.1-1.2mdv2008.0.i586.rpm 27f9666d87ad5c63a170fa515c2cfb79 2008.0/i586/net-snmp-utils-5.4.1-1.2mdv2008.0.i586.rpm fa774042539e5fa60662ea26cf5f79bb 2008.0/i586/perl-NetSNMP-5.4.1-1.2mdv2008.0.i586.rpm 62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7862778bf4b9262707dae0101a051e84 2008.0/x86_64/lib64net-snmp15-5.4.1-1.2mdv2008.0.x86_64.rpm 907423d895272503d6684a7f14618a97 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.2mdv2008.0.x86_64.rpm ba8972ac3af0a41754d7d830237be4a8 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.2mdv2008.0.x86_64.rpm 2f8efd6d1db501439a1da8b205c3ba4b 2008.0/x86_64/net-snmp-5.4.1-1.2mdv2008.0.x86_64.rpm bd431f5a0c11b796223911463216d236 2008.0/x86_64/net-snmp-mibs-5.4.1-1.2mdv2008.0.x86_64.rpm 929e4b2e24137d0aed30e012d2cbee25 2008.0/x86_64/net-snmp-trapd-5.4.1-1.2mdv2008.0.x86_64.rpm 80679956f6b8e3f8095f1767d34cf7c7 2008.0/x86_64/net-snmp-utils-5.4.1-1.2mdv2008.0.x86_64.rpm f8c2af7b036a33dbadf22498933c90b5 2008.0/x86_64/perl-NetSNMP-5.4.1-1.2mdv2008.0.x86_64.rpm 62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm Mandriva Linux 2008.1: aafe61f1aaaf2e13ef051fc1d7f5ab91 2008.1/i586/libnet-snmp15-5.4.1-5.2mdv2008.1.i586.rpm c7f2b5e4d5955a12b4df0fbf82f38544 2008.1/i586/libnet-snmp-devel-5.4.1-5.2mdv2008.1.i586.rpm f77c410069f938ae382fbee7012a349d 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.2mdv2008.1.i586.rpm 941b90ef50005b50829419575ab80ec1 2008.1/i586/net-snmp-5.4.1-5.2mdv2008.1.i586.rpm d8d459f3213cb97b2708c37c787a7035 2008.1/i586/net-snmp-mibs-5.4.1-5.2mdv2008.1.i586.rpm c753c1d4694d7b8c81f517c0c019accf 2008.1/i586/net-snmp-tkmib-5.4.1-5.2mdv2008.1.i586.rpm 69a0f39e0366cda18fb3cb7440adf2c8 2008.1/i586/net-snmp-trapd-5.4.1-5.2mdv2008.1.i586.rpm 825fe8ac0059480495d5f9f92b41775a 2008.1/i586/net-snmp-utils-5.4.1-5.2mdv2008.1.i586.rpm 61b88005dba39bdad7c18c2774fab3ed 2008.1/i586/perl-NetSNMP-5.4.1-5.2mdv2008.1.i586.rpm 1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: c4ddb52926754e188afa827365a9402d 2008.1/x86_64/lib64net-snmp15-5.4.1-5.2mdv2008.1.x86_64.rpm b71406ffbf1fddbe11d4e23636015043 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.2mdv2008.1.x86_64.rpm fbed296540545616ff8f248b32e7edf2 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.2mdv2008.1.x86_64.rpm 7e4f56fe2433fd5a80b3ec09ca801755 2008.1/x86_64/net-snmp-5.4.1-5.2mdv2008.1.x86_64.rpm 6275046a91fd1aea967f893720348f88 2008.1/x86_64/net-snmp-mibs-5.4.1-5.2mdv2008.1.x86_64.rpm c05711a0a2a0b69652c6d19e3c883e01 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.2mdv2008.1.x86_64.rpm 012b8391c5c49432d270d247e39fa64a 2008.1/x86_64/net-snmp-trapd-5.4.1-5.2mdv2008.1.x86_64.rpm d05bc5b73d566e16b76517fdd90f968d 2008.1/x86_64/net-snmp-utils-5.4.1-5.2mdv2008.1.x86_64.rpm d37bc36bd7a861f71fce000319904387 2008.1/x86_64/perl-NetSNMP-5.4.1-5.2mdv2008.1.x86_64.rpm 1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 67a289261b50a6ec4bbb74503ff15860 2009.0/i586/libnet-snmp15-5.4.2-2.1mdv2009.0.i586.rpm c0b057998d757e7988cac2276cc16d6a 2009.0/i586/libnet-snmp-devel-5.4.2-2.1mdv2009.0.i586.rpm 340271a223791169762e826744d1aab3 2009.0/i586/libnet-snmp-static-devel-5.4.2-2.1mdv2009.0.i586.rpm 4dad88af5b12b6001adc135e54a5f94c 2009.0/i586/net-snmp-5.4.2-2.1mdv2009.0.i586.rpm 41cc69981bd2dd2886f764f46a19c326 2009.0/i586/net-snmp-mibs-5.4.2-2.1mdv2009.0.i586.rpm 84ebcf44ee0d90e956d138ecafe7a9e0 2009.0/i586/net-snmp-tkmib-5.4.2-2.1mdv2009.0.i586.rpm d9ff03f1bb268735f27d4e70e441675a 2009.0/i586/net-snmp-trapd-5.4.2-2.1mdv2009.0.i586.rpm 7d4891eb14e73c8f53cd7bee93dcab4b 2009.0/i586/net-snmp-utils-5.4.2-2.1mdv2009.0.i586.rpm 66d9db711d7064d6326c50414ffe945b 2009.0/i586/perl-NetSNMP-5.4.2-2.1mdv2009.0.i586.rpm 142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d9b76860696183041c5431b28c133d79 2009.0/x86_64/lib64net-snmp15-5.4.2-2.1mdv2009.0.x86_64.rpm 3868b49eec570997ec1bce4603fdb5b1 2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.1mdv2009.0.x86_64.rpm fde92f379f3e6f5d8e3cd307e0d3866d 2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.1mdv2009.0.x86_64.rpm 1265e20f1d23728a740ce3e23f6df279 2009.0/x86_64/net-snmp-5.4.2-2.1mdv2009.0.x86_64.rpm e799c8dbd928539d2993f3a4268cf4fc 2009.0/x86_64/net-snmp-mibs-5.4.2-2.1mdv2009.0.x86_64.rpm f34b37e106fe535c6262c0a20824cb71 2009.0/x86_64/net-snmp-tkmib-5.4.2-2.1mdv2009.0.x86_64.rpm dc838be5485af308d3f560dd3dd23845 2009.0/x86_64/net-snmp-trapd-5.4.2-2.1mdv2009.0.x86_64.rpm 66be00a8327d9e0b9fcd4fb22829fd85 2009.0/x86_64/net-snmp-utils-5.4.2-2.1mdv2009.0.x86_64.rpm b22b8c100f8b74be46f87cd9e33bdee3 2009.0/x86_64/perl-NetSNMP-5.4.2-2.1mdv2009.0.x86_64.rpm 142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm Corporate 4.0: e830fee5189a6d99235f8b5465cf1cf8 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.3.20060mlcs4.i586.rpm a2b4e29f175d2f9cc0ad8709edbbbd87 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm 741b5e8a9a8ecaf6f4a2d4849e45bd2f corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm 94da62fa6bdc660c23e308111f73665e corporate/4.0/i586/net-snmp-5.2.1.2-5.3.20060mlcs4.i586.rpm 373a8f3e0bffea791d866c35dab6f2fa corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.i586.rpm 002e256aa1c2b0179894f0df8e10e70e corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.i586.rpm 23ccf736576e9002e84c09db16953ee6 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.i586.rpm 13dc4a180a0be9c5afe36168278ffdf3 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.i586.rpm d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7095df865e54764c051f10040b4de25d corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 96a8dbf8ec18e76e4fddf52b2d19b93d corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 9af9807629580025cc1cdaba78826153 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 91d6d06059463804ae085bf42a702132 corporate/4.0/x86_64/net-snmp-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 47e44f0f67b04eae0c63ab9fc6636f10 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 478577d14048824ef556371e43892f0e corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 2766c681f5366ac9e9bfa74ff7388bd5 corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.x86_64.rpm 4ea12420b159bcecc5d7b2cef2bdeb8b corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.x86_64.rpm d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01820968 Version: 1 HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-08-12 Last Updated: 2009-08-12 Potential Security Impact: Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities. References: CVE-2009-2677, CVE-2009-0590, CVE-2009-1272, CVE-2008-5161, CVE-2008-4309, CVE-2008-1720 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Insight Control Suite For Linux (ICE-LX) v2.10 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-2677 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.4 CVE-2009-0590 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1272 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2008-4309 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-1720 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following updated product kit available to resolve the vulnerabilities. The HP ICE-LX v2.11 kit is available as described below. The update file is HP_ICE_LX_V2.11_511708_004.iso which can be downloaded from here: https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPICELX The kit can also be obtained by going to http://www.hp.com/go/ice-lx Open Source packages updated in this version (v2.11) of ICE-LX net-snmp-5.4.2.1 php 5.2.9 rsync 3.0.5 openssh 5.2 p1 openssl-0.9.8k PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) 12 August 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. CVE-2008-2292 John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). For the stable distribution (etch), these problems has been fixed in version 5.2.3-7etch4. For the testing distribution (lenny) and unstable distribution (sid) these problems have been fixed in version 5.4.1~dfsg-11. We recommend that you upgrade your net-snmp package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181 Architecture independent packages: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086 http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c arm architecture (ARM) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a These files will probably be moved into the stable distribution on its next update. =========================================================== Ubuntu Security Notice USN-685-1 December 03, 2008 net-snmp vulnerabilities CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsnmp-perl 5.2.1.2-4ubuntu2.3 libsnmp9 5.2.1.2-4ubuntu2.3 Ubuntu 7.10: libsnmp-perl 5.3.1-6ubuntu2.2 libsnmp10 5.3.1-6ubuntu2.2 Ubuntu 8.04 LTS: libsnmp-perl 5.4.1~dfsg-4ubuntu4.2 libsnmp15 5.4.1~dfsg-4ubuntu4.2 Ubuntu 8.10: libsnmp15 5.4.1~dfsg-7.1ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. (CVE-2008-0960) John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292) It was discovered that the SNMP service did not correctly handle large GETBULK requests. (CVE-2008-4309) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.diff.gz Size/MD5: 75402 9655d984a47cec8e27efa4db0b227870 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.dsc Size/MD5: 838 17a17230a005c1acfd0569757e728fad http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.3_all.deb Size/MD5: 1152306 f7647cee4df8db87ab48c0d05635a973 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.3_all.deb Size/MD5: 822946 b9b852c188937d1fffc06d4da01325d5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_amd64.deb Size/MD5: 896620 a78012b3f0f13667081f97dc1a4d62e8 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_amd64.deb Size/MD5: 1497194 7d55b8d1e4ae0c45753bedcf536a1a5a http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_amd64.deb Size/MD5: 1826252 0550c1401f9bbe5f345fd96484ed369c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_amd64.deb Size/MD5: 889330 5ad0ddb2c610973166e4dd07769ba3d3 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_amd64.deb Size/MD5: 797086 18cf4210342b683d3ee24fe995329b55 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_i386.deb Size/MD5: 896880 298d27ea1ece6e80bb8931b9a5e61961 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_i386.deb Size/MD5: 1268472 acbca43ab7ea747fa3e4636d15ef997c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_i386.deb Size/MD5: 1710342 bd27290685bcf1d6a23eb8705d3367e7 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_i386.deb Size/MD5: 881838 58121bd9e4c845da7df4e540645e0e13 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_i386.deb Size/MD5: 794672 221d1c554bd89f50dc3ac9108a6cef6b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_powerpc.deb Size/MD5: 913064 45a033b01c4b31ef90a92988bb5fb229 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_powerpc.deb Size/MD5: 1590124 b62aa5477d9307d311c811298b7ec3d9 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_powerpc.deb Size/MD5: 1728094 5214ce9aebe3a8d7a28a1746a81ce8ea http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_powerpc.deb Size/MD5: 898580 86e6c1b5dfb5bf91f63d7c6786b7abae http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_powerpc.deb Size/MD5: 796092 1bab28407224f782b2c3ae04b4647333 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_sparc.deb Size/MD5: 896832 3d233db9682d5654fdad6bc6b5a649ba http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_sparc.deb Size/MD5: 1485268 064304ead0ca4653136376e8e9039e74 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_sparc.deb Size/MD5: 1706490 cb76027eb8167e0866a81b93a4da28ed http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_sparc.deb Size/MD5: 883182 d1ffc12427d92be51efdba3349e74f9a http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_sparc.deb Size/MD5: 796374 0f3f749ebe4af6111fe49316639004e4 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.diff.gz Size/MD5: 94646 8b6f9380d9f8c5514a1d4db729c6df04 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.dsc Size/MD5: 1287 f53866efd3ae4f3c939a77b1005e1f11 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.2_all.deb Size/MD5: 484306 f2d03276d1cdcef7e8b276ad8ca9595d http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.2_all.deb Size/MD5: 901284 6889b371d4de92eb61bf83b89d8a8c37 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_amd64.deb Size/MD5: 2541692 1e6de4bd3c3baa444a2e1980a593a40e http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_amd64.deb Size/MD5: 968940 7efe4bdcb99f311f1c4bb2c3b9d24a4e http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_amd64.deb Size/MD5: 1200930 821861c24499cfdfa2a82c329c610c16 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_amd64.deb Size/MD5: 996572 00cc1a4c8c7924124984e666563e73d0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_amd64.deb Size/MD5: 908792 a40763280a3bdbe60eca5e07c5d6c30c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_i386.deb Size/MD5: 2321524 59d44616802197e1227cf88abddefe36 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_i386.deb Size/MD5: 967106 a6e5b308d889bdf6f5abe454e35ba474 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_i386.deb Size/MD5: 1124462 ec99daa26d0fafba6e9f0b874a23bf3d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_i386.deb Size/MD5: 991956 cb20b6a4d68a858ffa0846431169d411 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_i386.deb Size/MD5: 907546 1ab5119e23a16e99203c113d49fc2723 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_lpia.deb Size/MD5: 2305548 da57690a3327196e0c3684735be23f2e http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_lpia.deb Size/MD5: 968984 8da336a5fd871be10e6b8d66d3b9c9d3 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_lpia.deb Size/MD5: 1074500 e4d6690a6a6a543fc0244a29cd350c9b http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_lpia.deb Size/MD5: 989566 2d2f4b1662e6a2dffafe8e98f00a15e7 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_lpia.deb Size/MD5: 907596 4274e006754ebc836132166e0f0429a0 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_powerpc.deb Size/MD5: 2641202 9b2ec56463ee715752b780aa332d8cd0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_powerpc.deb Size/MD5: 985722 a2fca8426b7b51e98c39b91a468bf71f http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_powerpc.deb Size/MD5: 1154496 6073239f7ffead2a5b9c3357ada1602c http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_powerpc.deb Size/MD5: 1018596 af12cc55597a0d2d3a92b4b5d683bb14 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_powerpc.deb Size/MD5: 911866 57e2246930e712bdc1b039840d43af48 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz Size/MD5: 78642 b4acf50e47be498e579b934f32081d25 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 1296694 d0646a1543c51f14a93b40f972bc1569 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 75960 fcba461f2e2376cad515329791e04a17 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 160236 196e493ce73905446a3764e73b99f332 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb Size/MD5: 38240 873f5e820e381ec2254ed520bcd09af0 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498 http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5 http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8 http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388 http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58 http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9 http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb Size/MD5: 38526 172493ec5df1866e2633e074c7f38775

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Input Validation Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES