CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
83.1%
CentOS Errata and Security Advisory CESA-2009:1124
The Simple Network Management Protocol (SNMP) is a protocol used for
network management.
A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker
could issue a specially-crafted GETBULK request that could crash the snmpd
daemon. (CVE-2009-1887)
Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
“public” grants read-only access. In production deployments, it is
recommended to change this default community name.
All net-snmp users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
snmpd and snmptrapd daemons will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-June/078161.html
https://lists.centos.org/pipermail/centos-announce/2009-June/078162.html
Affected packages:
net-snmp
net-snmp-devel
net-snmp-libs
net-snmp-perl
net-snmp-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1124
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | net-snmp | < 5.0.9-2.30E.28 | net-snmp-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-devel | < 5.0.9-2.30E.28 | net-snmp-devel-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-libs | < 5.0.9-2.30E.28 | net-snmp-libs-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-perl | < 5.0.9-2.30E.28 | net-snmp-perl-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-utils | < 5.0.9-2.30E.28 | net-snmp-utils-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp | < 5.0.9-2.30E.28 | net-snmp-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-devel | < 5.0.9-2.30E.28 | net-snmp-devel-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-libs | < 5.0.9-2.30E.28 | net-snmp-libs-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-perl | < 5.0.9-2.30E.28 | net-snmp-perl-5.0.9-2.30E.28.i386.rpm |
CentOS | 3 | i386 | net-snmp-utils | < 5.0.9-2.30E.28 | net-snmp-utils-5.0.9-2.30E.28.i386.rpm |