CESA-2009:1124: net security update

Source: CentOS Project (lists.centos.org)
Published: 2009-06-25 17:36:31
CVSS2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.009 (Percentile: 83.1%)

CentOS Errata and Security Advisory CESA-2009:1124

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker
could issue a specially-crafted GETBULK request that could crash the snmpd
daemon. (CVE-2009-1887)

Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
“public” grants read-only access. In production deployments, it is
recommended to change this default community name.
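
The check implied by the note above, as an added example that is not part of the advisory or of net-snmp: a Python script that reads an snmpd.conf and reports every directive that still grants access under the community name "public", along with the source it is granted to. The function names and the sample configuration are constructed for illustration; the directive layouts assumed are `rocommunity COMMUNITY [SOURCE ...]` and `com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY`.

```python
import shlex
import sys

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = '''\
# constructed example snmpd.conf
com2sec notConfigUser default public
com2sec -Cn ctx1 mgmtUser 192.0.2.10 Xk9-constructed
rocommunity public 10.0.0.0/8
  rocommunity6 "public"
rwcommunity Wq7-constructed 127.0.0.1
syslocation server room
'''

DIRECT = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
MAPPED = {"com2sec", "com2sec6"}


def community_entries(conf_text):
    """Return (lineno, directive, community, source) for each community line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)
        except ValueError:           # unbalanced quote: fall back to plain split
            tok = line.split()
        name, args = tok[0].lower(), tok[1:]
        if name in DIRECT and args:
            # No SOURCE after the community means any host ("default").
            source = args[1] if len(args) > 1 else "default"
            entries.append((lineno, name, args[0], source))
        elif name in MAPPED:
            if args[:1] == ["-Cn"]:  # optional "-Cn CONTEXT" prefix
                args = args[2:]
            if len(args) >= 3:       # SECNAME SOURCE COMMUNITY
                entries.append((lineno, name, args[2], args[1]))
    return entries


def audit(conf_text, weak=("public",)):
    """Return the entries whose community string is one of the weak defaults."""
    return [e for e in community_entries(conf_text) if e[2] in weak]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for lineno, directive, community, source in audit(text):
        print(f"line {lineno}: {directive} grants '{community}' to source {source}")
```

Run it with the path to the snmpd.conf in use as the first argument; without an argument it audits the constructed sample. A source of `default` means the community is accepted from any host.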

All net-snmp users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
snmpd and snmptrapd daemons will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-June/078161.html
https://lists.centos.org/pipermail/centos-announce/2009-June/078162.html

Affected packages:
net-snmp
net-snmp-devel
net-snmp-libs
net-snmp-perl
net-snmp-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1124
