[ MDVSA-2008:118 ] - Updated net-snmp/ucd-snmp packages fix vulnerabilities
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:118
http://www.mandriva.com/security/
_______________________________________________________________________
Package : net-snmp
Date : June 19, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:

A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's
Keyed-Hash Message Authentication Code (HMAC). An attacker
could exploit this flaw to spoof an authenticated SNMPv3 packet
(CVE-2008-0960).

A buffer overflow was found in the perl bindings for Net-SNMP that
could be exploited if an attacker could convince an application
using the Net-SNMP perl modules to connect to a malicious SNMP agent
(CVE-2008-2292).

The updated packages have been patched to prevent these issues.
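
The advisory does not say how the HMAC check failed; the public CVE-2008-0960 description states that verification relied on the HMAC length supplied in the packet, so a length of 1 checked only the first byte. The C sketch below is an added example, not Net-SNMP's code and not part of the advisory, placing that flawed comparison pattern beside a hardened one. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SNMPv3 USM HMAC-MD5-96 / HMAC-SHA-96 carry a 12-byte truncated MAC (RFC 3414). */
#define USM_MAC_LEN 12

/* Flawed pattern: the comparison length comes from the received packet, so a
 * MAC field shorter than 12 bytes is compared over that shorter length only. */
int mac_ok_flawed(const uint8_t *expected, const uint8_t *received,
                  size_t received_len)
{
    if (received_len > USM_MAC_LEN)
        return 0;
    return memcmp(expected, received, received_len) == 0;
}

/* Hardened pattern: reject any MAC field that is not exactly 12 bytes, then
 * compare all bytes without an early exit (no timing hint on mismatch). */
int mac_ok_hardened(const uint8_t *expected, const uint8_t *received,
                    size_t received_len)
{
    uint8_t diff = 0;
    size_t i;

    if (received_len != USM_MAC_LEN)
        return 0;
    for (i = 0; i < USM_MAC_LEN; i++)
        diff |= (uint8_t)(expected[i] ^ received[i]);
    return diff == 0;
}

/* Constructed sample values, not taken from any real packet. */
static const uint8_t SAMPLE_EXPECTED[USM_MAC_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xb6, 0x1d, 0xf0, 0x6e, 0x29, 0xc4
};
static const uint8_t SAMPLE_SHORT[1] = { 0x3a };   /* 1-byte MAC field */

int main(void)
{
    int flawed = mac_ok_flawed(SAMPLE_EXPECTED, SAMPLE_SHORT, sizeof SAMPLE_SHORT);
    int fixed = mac_ok_hardened(SAMPLE_EXPECTED, SAMPLE_SHORT, sizeof SAMPLE_SHORT);
    /* Exit status 0 when the flawed check accepts and the hardened one rejects. */
    return (flawed == 1 && fixed == 0) ? 0 : 1;
}
```

A receiver that enforces the fixed MAC length turns a one-byte match into a rejected message, which is the property to confirm when auditing other SNMPv3 implementations for the same class of bug.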
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>