
[Security Announce] [ MDVSA-2009:056 ] net-snmp


 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:056

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : net-snmp

Date : February 25, 2009

Affected: 2009.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability has been identified and corrected in net-snmp:

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123)

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2009.0:

7b667de5129a9e08b36d805d35cbf060 2009.0/i586/libnet-snmp15-5.4.2-2.2mdv2009.0.i586.rpm

6c151b3d78c5d246ed85b895ba5156d3 2009.0/i586/libnet-snmp-devel-5.4.2-2.2mdv2009.0.i586.rpm

6a72b790faef70202bd1f621d3a1bee4 2009.0/i586/libnet-snmp-static-devel-5.4.2-2.2mdv2009.0.i586.rpm

b13546014a62f1b769301e3c4d81e212 2009.0/i586/net-snmp-5.4.2-2.2mdv2009.0.i586.rpm

6a1b4a23390aa6ccb08aa10159e84c75 2009.0/i586/net-snmp-mibs-5.4.2-2.2mdv2009.0.i586.rpm

3a685061ed4b5d88807a0a41057cc4fc 2009.0/i586/net-snmp-tkmib-5.4.2-2.2mdv2009.0.i586.rpm

af6a207a925a66c499728e2a636e4f10 2009.0/i586/net-snmp-trapd-5.4.2-2.2mdv2009.0.i586.rpm

ad9a815a618a83c09c34dd2c6b0f0722 2009.0/i586/net-snmp-utils-5.4.2-2.2mdv2009.0.i586.rpm

4bd012033253d9f07c1b09c014af1d28 2009.0/i586/perl-NetSNMP-5.4.2-2.2mdv2009.0.i586.rpm

9a66514b5c275e034957e187730f502d 2009.0/SRPMS/net-snmp-5.4.2-2.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

3afaf4fd7163993c13a9d2aae802e300 2009.0/x86_64/lib64net-snmp15-5.4.2-2.2mdv2009.0.x86_64.rpm

7b0220b95b4489bbf4e7f5dcce41c19b 2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.2mdv2009.0.x86_64.rpm

149370affda026d32bf857b59ef67d77 2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.2mdv2009.0.x86_64.rpm

3807127a87ecc25f0039dfde2779cd57 2009.0/x86_64/net-snmp-5.4.2-2.2mdv2009.0.x86_64.rpm

34a8c8cba34e4f3d6442d42f87f37d3a 2009.0/x86_64/net-snmp-mibs-5.4.2-2.2mdv2009.0.x86_64.rpm

a213806e75a50d5cee646a20f85e60d4 2009.0/x86_64/net-snmp-tkmib-5.4.2-2.2mdv2009.0.x86_64.rpm

6b4a5a30800a1aa6553a665846d7f3a6 2009.0/x86_64/net-snmp-trapd-5.4.2-2.2mdv2009.0.x86_64.rpm

586c0064a0cff39fa1a44be87da1e3f5 2009.0/x86_64/net-snmp-utils-5.4.2-2.2mdv2009.0.x86_64.rpm

dc4b52e9910de9710c91aaecbae2794b 2009.0/x86_64/perl-NetSNMP-5.4.2-2.2mdv2009.0.x86_64.rpm

9a66514b5c275e034957e187730f502d 2009.0/SRPMS/net-snmp-5.4.2-2.2mdv2009.0.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team
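
A simplified model of the source/destination confusion named in the Problem Description, added here as an example; it is not net-snmp's code. The function names, the address-string layout, the allow rule and the sample addresses are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed rule, modelled on a hosts.allow prefix pattern "snmpd: 192.0.2." */
static const char ALLOW_PREFIX[] = "192.0.2.";

/* Hypothetical formatter. local_first=1 puts the agent's own address first
 * (the confused ordering); local_first=0 puts the querying client first. */
static void format_pair(char *out, size_t n, const char *local,
                        const char *remote, unsigned port, int local_first)
{
    if (local_first)
        snprintf(out, n, "UDP: [%s]->[%s]:%u", local, remote, port);
    else
        snprintf(out, n, "UDP: [%s]:%u->[%s]", remote, port, local);
}

/* Hypothetical wrapper check: evaluates the rule against the FIRST bracketed
 * address in the string. Returns 1 = allowed, 0 = denied (also on parse error). */
static int wrapper_allows(const char *addr_string)
{
    char host[64];
    const char *lb = strchr(addr_string, '[');
    const char *rb = lb ? strchr(lb, ']') : NULL;
    size_t len;

    if (rb == NULL)
        return 0;                       /* fail closed on unparsable input */
    len = (size_t)(rb - lb) - 1;
    if (len == 0 || len >= sizeof(host))
        return 0;
    memcpy(host, lb + 1, len);
    host[len] = '\0';
    return strncmp(host, ALLOW_PREFIX, sizeof(ALLOW_PREFIX) - 1) == 0;
}

/* Full path: format the address pair, then run the access check on it.
 * 50000 is a constructed client source port. */
int query_accepted(const char *local, const char *remote, int local_first)
{
    char s[128];
    format_pair(s, sizeof(s), local, remote, 50000, local_first);
    return wrapper_allows(s);
}

int main(void)
{
    /* Agent at 192.0.2.1; client 203.0.113.5 is outside the allowed prefix. */
    printf("local first : %d\n", query_accepted("192.0.2.1", "203.0.113.5", 1));
    printf("remote first: %d\n", query_accepted("192.0.2.1", "203.0.113.5", 0));
    return 0;
}
```

In this model the rule is only meaningful when the check sees the client's address; a regression test for such a check should assert on which of the two addresses reaches the rule evaluation.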

 
