Search This Blog

Wednesday, October 26, 2005

[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 873-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 26th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : net-snmp
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2177
BugTraq ID : 14168

A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent's that
have opened a stream based protocol (eg TCP but not UDP). By default,
Net-SNMP does not open a TCP port.

The old stable distribution (woody) does not contain a net-snmp package.

For the stable distribution (sarge) this problem has been fixed in
version 5.1.2-6.2.

For the unstable distribution (sid) this problem has been fixed in
version 5.2.1.2-1.

We recommend that you upgrade your net-snmp package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.dsc
Size/MD5 checksum: 794 0aa985327e01703ee88e9c9fc63dcccb
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.diff.gz
Size/MD5 checksum: 67941 80b50ece9798c3634843213632ea8b53
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2.orig.tar.gz
Size/MD5 checksum: 3253579 8080555ab3f90011f25d5122042d9a8d

Architecture independent components:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.1.2-6.2_all.deb
Size/MD5 checksum: 1005346 9f09bd5325ecb399a6b8b8b4c74e409e
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.1.2-6.2_all.deb
Size/MD5 checksum: 754688 5c84a39f4fb06e9ffae0c693b4e6c1fe

Alpha architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_alpha.deb
Size/MD5 checksum: 818316 c130066a195f6061032c039dbb70f4c6
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_alpha.deb
Size/MD5 checksum: 1579716 b35f6363a539100eb8a32cdee143c4b5
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_alpha.deb
Size/MD5 checksum: 1647842 99a7926ca98e85e3f8742dfc7a46b880
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_alpha.deb
Size/MD5 checksum: 820826 8645dbb814fee32fd4dba772806b4e7d
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_alpha.deb
Size/MD5 checksum: 733324 0d1113f65055b9802b1f0db33bf8566c

AMD64 architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_amd64.deb
Size/MD5 checksum: 815302 8b739d0e928cbed3d4e5fc30df4dd26d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_amd64.deb
Size/MD5 checksum: 1553650 907b6ad8b395b2167ed07331d9ae88b1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_amd64.deb
Size/MD5 checksum: 1184882 fd9f8a3c36a0573737d2856e70be4b55
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_amd64.deb
Size/MD5 checksum: 815620 073e011929c866ea6793852c48822f38
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_amd64.deb
Size/MD5 checksum: 731774 aa783fcf78888d5379c80cadfecba92f

ARM architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_arm.deb
Size/MD5 checksum: 811116 7c0db64010705b24094b04cb697c21ae
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_arm.deb
Size/MD5 checksum: 1477848 0072b62e6a873a7bca251a5a7b1a4ac6
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_arm.deb
Size/MD5 checksum: 1120060 5d51cd366d5497c549c95d81233820cb
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_arm.deb
Size/MD5 checksum: 810168 1e2aaa41d86cbf1d3455cc3ad1e9246e
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_arm.deb
Size/MD5 checksum: 730678 4da842f3e4c7820b6994dbaa4ce9464c

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_i386.deb
Size/MD5 checksum: 818878 b3b728436c0d24dd71cae4c745d78d69
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_i386.deb
Size/MD5 checksum: 1531948 64e0d4d60e1ec437c0693cd80ab5652d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_i386.deb
Size/MD5 checksum: 1100052 a86f8867983efe3eaf2ae2c0a529fcd7
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_i386.deb
Size/MD5 checksum: 811618 6939d4e93c77a9da325a1558d0b1c492
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_i386.deb
Size/MD5 checksum: 730514 a31ff071dc8dc2406f60d8c9fc4f8a74

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_ia64.deb
Size/MD5 checksum: 846348 9902935d551e5eec1aaefdb2689bc1ba
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_ia64.deb
Size/MD5 checksum: 1780724 eb6b2eb4ba43a0a0bcb99cdd51b2e4e8
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_ia64.deb
Size/MD5 checksum: 1584452 caa05c744a6ce901def3aefa11347302
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_ia64.deb
Size/MD5 checksum: 838818 a59fd105fb8b839031eacc1faf3410a4
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_ia64.deb
Size/MD5 checksum: 737976 22069dd21aab422a67ca368dc7537aa4

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_hppa.deb
Size/MD5 checksum: 829624 8d8d43de36f2846f0f4c689eafc239d1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_hppa.deb
Size/MD5 checksum: 1604876 1f5fc833c478b0e737d89a86b69bf6a0
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_hppa.deb
Size/MD5 checksum: 1368226 d77ce1656b2f5f1c09bd98aeb17bb354
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_hppa.deb
Size/MD5 checksum: 824466 8a1f5d695a218655932180b3f8e3b49c
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_hppa.deb
Size/MD5 checksum: 733168 1c894d59e8d8cad67210b22049c55338

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_m68k.deb
Size/MD5 checksum: 811308 675071b60bf7604029d3b9bb7f9d7fa7
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_m68k.deb
Size/MD5 checksum: 1437126 f72bf3101dff7666764144e067c222b4
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_m68k.deb
Size/MD5 checksum: 996514 d65a43ee4d13f7d8b2e60fcd79bc1a46
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_m68k.deb
Size/MD5 checksum: 804982 c401927b09c0ee5c79727bebefcbb026
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_m68k.deb
Size/MD5 checksum: 730252 1c91b25ab5926d6da868aa9b4bf84fd4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mips.deb
Size/MD5 checksum: 784884 fa5d5b971d96c5188aed859eba805eb4
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mips.deb
Size/MD5 checksum: 1413338 1232a5281e48c703c99cabc5ea8777a5
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mips.deb
Size/MD5 checksum: 1312878 d3dd3cd33fef646b53c1e5f5e93ee788
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mips.deb
Size/MD5 checksum: 832678 3eda8f1830383293eba823cf984d15d5
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mips.deb
Size/MD5 checksum: 731444 3c50ceaea9bd62bce4eb4c5fb2bb0678

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mipsel.deb
Size/MD5 checksum: 784866 a2bab5ddee0ec91f396422f0fd0133ee
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mipsel.deb
Size/MD5 checksum: 1418510 ba607a78662d2294d82c7425e804f3d1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mipsel.deb
Size/MD5 checksum: 1273102 66daf0e381d18f91ddfd738243339b85
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mipsel.deb
Size/MD5 checksum: 832708 3f4362c2c82fea024e2b14c3722b2351
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mipsel.deb
Size/MD5 checksum: 731292 5c06ed6b9b380e2cf88e14f900f0d634

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_powerpc.deb
Size/MD5 checksum: 832410 367a1322826f11ef9dcbdc0c2a555a4b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_powerpc.deb
Size/MD5 checksum: 1484164 0489fb05721749be8a77c3b6be7b6814
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_powerpc.deb
Size/MD5 checksum: 1322578 4c3972bc7d19a25863efd7fc20447363
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_powerpc.deb
Size/MD5 checksum: 824460 80aa5fe58c0d357bfcdea1e6568889d1
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_powerpc.deb
Size/MD5 checksum: 731674 94282339ba881ba28c2f06a84dab01e9

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_s390.deb
Size/MD5 checksum: 793848 a76fffb4dcb478b9ab2a6a304dce5667
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_s390.deb
Size/MD5 checksum: 1480932 a81f9fbb32fc486ba92bac8ed84f3abd
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_s390.deb
Size/MD5 checksum: 1077868 fcf7d1957102b26ea3a8fa9c70b305e5
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_s390.deb
Size/MD5 checksum: 814068 cee89d4ce9dce6cb508e608ad8718796
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_s390.deb
Size/MD5 checksum: 731410 9f59b5a7ce92d38560b5c529fd134473

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_sparc.deb
Size/MD5 checksum: 813492 8a2bcbc7c3ac29a7de6ab08f1e23a554
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_sparc.deb
Size/MD5 checksum: 1484394 4386034ab461611e28beaefa2acc237c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_sparc.deb
Size/MD5 checksum: 1198292 460d4253893dfd4e87a015427a95cb08
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_sparc.deb
Size/MD5 checksum: 809826 d1b38721fae2ebc880cef0703d7d4d68
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_sparc.deb
Size/MD5 checksum: 730608 26961f57a7aa5fed6a04813b7627531f

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDX8bHW5ql+IAeqTIRAv8EAJ9dOXX+SuYPVnHQbUQhd176V5DGewCglfyJ
pHyXmMzmExE5Fn3NIYf+vuw=
=mtjW
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

5 comments:

Anonymous said...

Hey there! This is my first comment here so I just wanted to give a quick shout out and tell you I really enjoy reading through your articles.

Can you suggest any other blogs/websites/forums that
go over the same topics? Thanks a lot!
My site ... Muscle Building Review

Anonymous said...

I rarely leave responses, however after reading through some of
the comments here "[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service".
I actually do have a few questions for you if you do not mind.
Could it be just me or does it seem like a few of these responses come across as
if they are written by brain dead visitors?
:-P And, if you are posting at additional online sites, I'd like to follow everything fresh you have to post. Would you make a list of the complete urls of all your social community pages like your linkedin profile, Facebook page or twitter feed?
Check out my blog - best residential remodeling contractors in winter garden fl

Anonymous said...

Hola! I've been reading your website for some time now and finally got the bravery to go ahead and give you a shout out from Lubbock Tx! Just wanted to mention keep up the good work!
My webpage > Superyacht ecommerce specialist

Anonymous said...

Greetings from Carolina! I'm bored to tears at work so I decided to check out your site on my iphone during lunch break. I enjoy the knowledge you provide here and can't wait to take a look when
I get home. I'm amazed at how fast your blog loaded on my phone .. I'm not even using WIFI,
just 3G .. Anyhow, wonderful site!

Also visit my site; 7 sultans casino
Also see my page > canadian online casino

Anonymous said...

I think the admin of this website is actually working hard in favor of his web site, as here every stuff is quality based material.



my blog post http://www.cuteteenporn.net