(RHSA-2008:0971) Important: net-snmp security update

2008-11-0300:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

91.9%

JSON

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A denial-of-service flaw was found in the way Net-SNMP processes SNMP
GETBULK requests. A remote attacker who issued a specially-crafted request
could cause the snmpd server to crash. (CVE-2008-4309)

Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
“public” grants read-only access. In production deployments, it is
recommended to change this default community name.

All users of net-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

OSVersionArchitecturePackageVersionFilename
RedHat4ia64net-snmp-utils< 5.1.2-13.el4_7.2net-snmp-utils-5.1.2-13.el4_7.2.ia64.rpm
RedHat5s390xnet-snmp< 5.3.1-24.el5_2.2net-snmp-5.3.1-24.el5_2.2.s390x.rpm
RedHat4x86_64net-snmp-libs< 5.1.2-13.el4_7.2net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm
RedHat4s390net-snmp-devel< 5.1.2-13.el4_7.2net-snmp-devel-5.1.2-13.el4_7.2.s390.rpm
RedHat5s390xnet-snmp-perl< 5.3.1-24.el5_2.2net-snmp-perl-5.3.1-24.el5_2.2.s390x.rpm
RedHat4ppcnet-snmp-libs< 5.1.2-13.el4_7.2net-snmp-libs-5.1.2-13.el4_7.2.ppc.rpm
RedHat4x86_64net-snmp< 5.1.2-13.el4_7.2net-snmp-5.1.2-13.el4_7.2.x86_64.rpm
RedHat4s390net-snmp< 5.1.2-13.el4_7.2net-snmp-5.1.2-13.el4_7.2.s390.rpm
RedHat5ia64net-snmp-devel< 5.3.1-24.el5_2.2net-snmp-devel-5.3.1-24.el5_2.2.ia64.rpm
RedHat5srcnet-snmp< 5.3.1-24.el5_2.2net-snmp-5.3.1-24.el5_2.2.src.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	ia64	net-snmp-utils	< 5.1.2-13.el4_7.2	net-snmp-utils-5.1.2-13.el4_7.2.ia64.rpm
RedHat	5	s390x	net-snmp	< 5.3.1-24.el5_2.2	net-snmp-5.3.1-24.el5_2.2.s390x.rpm
RedHat	4	x86_64	net-snmp-libs	< 5.1.2-13.el4_7.2	net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm
RedHat	4	s390	net-snmp-devel	< 5.1.2-13.el4_7.2	net-snmp-devel-5.1.2-13.el4_7.2.s390.rpm
RedHat	5	s390x	net-snmp-perl	< 5.3.1-24.el5_2.2	net-snmp-perl-5.3.1-24.el5_2.2.s390x.rpm
RedHat	4	ppc	net-snmp-libs	< 5.1.2-13.el4_7.2	net-snmp-libs-5.1.2-13.el4_7.2.ppc.rpm
RedHat	4	x86_64	net-snmp	< 5.1.2-13.el4_7.2	net-snmp-5.1.2-13.el4_7.2.x86_64.rpm
RedHat	4	s390	net-snmp	< 5.1.2-13.el4_7.2	net-snmp-5.1.2-13.el4_7.2.s390.rpm
RedHat	5	ia64	net-snmp-devel	< 5.3.1-24.el5_2.2	net-snmp-devel-5.3.1-24.el5_2.2.ia64.rpm
RedHat	5	src	net-snmp	< 5.3.1-24.el5_2.2	net-snmp-5.3.1-24.el5_2.2.src.rpm