(RHSA-2008:0529) Moderate: net-snmp security update

2008-06-10T04:00:00
ID RHSA-2008:0529
Type redhat
Reporter RedHat
Modified 2017-09-08T12:06:30

Description

The Simple Network Management Protocol (SNMP) is a protocol used for network management.

A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could use this flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)

A buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker could convince an application using the Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)

All users of net-snmp should upgrade to these updated packages, which contain backported patches to resolve these issues.