net security update

2009-06-25T17:36:31
ID CESA-2009:1124
Type centos
Reporter CentOS Project
Modified 2009-06-25T17:38:23

Description

CentOS Errata and Security Advisory CESA-2009:1124

The Simple Network Management Protocol (SNMP) is a protocol used for network management.

A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker could issue a specially-crafted GETBULK request that could crash the snmpd daemon. (CVE-2009-1887)

Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name "public" grants read-only access. In production deployments, it is recommended to change this default community name.

All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-June/028037.html http://lists.centos.org/pipermail/centos-announce/2009-June/028038.html

Affected packages: net-snmp net-snmp-devel net-snmp-libs net-snmp-perl net-snmp-utils

Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-1124.html