Lucene search

SuseSUSE-SA:2008:039

HistoryAug 01, 2008 - 1:33 p.m.

authentication bypass, denial-of-service in net-snmp

2008-08-0113:33:56

lists.opensuse.org

0.972 High

EPSS

Percentile

99.8%

JSON

The net-snmp daemon implements the “simple network management protocol”. The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).

Solution

Please install the update package.

OSVersionArchitecturePackageVersionFilename
openSUSE11.0i586snmp-mibs< 5.4.1-77.2snmp-mibs-5.4.1-77.2.i586.rpm
openSUSE11.0i586net-snmp-devel< 5.4.1-77.2net-snmp-devel-5.4.1-77.2.i586.rpm
openSUSE11.0i586perl-snmp< 5.4.1-77.2perl-SNMP-5.4.1-77.2.i586.rpm
openSUSE10.3i586libsnmp15< 5.4.1-19.2libsnmp15-5.4.1-19.2.i586.rpm
openSUSE10.3i586snmp-mibs< 5.4.1-19.2snmp-mibs-5.4.1-19.2.i586.rpm
SUSE Linux Enterprise Server10.2x86_64net-snmp< 5.3.0.1-25.26net-snmp-5.3.0.1-25.26.x86_64.rpm
SUSE Linux Enterprise Server10.2s390xnet-snmp-32bit< 5.3.0.1-25.26net-snmp-32bit-5.3.0.1-25.26.s390x.rpm
SUSE Linux Enterprise Software Development Kit10.1ppcnet-snmp-devel< 5.3.0.1-25.24.3net-snmp-devel-5.3.0.1-25.24.3.ppc.rpm
SUSE Linux Enterprise Server10.2ppcperl-snmp< 5.3.0.1-25.26perl-SNMP-5.3.0.1-25.26.ppc.rpm
SUSE SUSE Linux Enterprise Software Development Kit10.2ppcnet-snmp-devel< 5.3.0.1-25.26net-snmp-devel-5.3.0.1-25.26.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.0	i586	snmp-mibs	< 5.4.1-77.2	snmp-mibs-5.4.1-77.2.i586.rpm
openSUSE	11.0	i586	net-snmp-devel	< 5.4.1-77.2	net-snmp-devel-5.4.1-77.2.i586.rpm
openSUSE	11.0	i586	perl-snmp	< 5.4.1-77.2	perl-SNMP-5.4.1-77.2.i586.rpm
openSUSE	10.3	i586	libsnmp15	< 5.4.1-19.2	libsnmp15-5.4.1-19.2.i586.rpm
openSUSE	10.3	i586	snmp-mibs	< 5.4.1-19.2	snmp-mibs-5.4.1-19.2.i586.rpm
SUSE Linux Enterprise Server	10.2	x86_64	net-snmp	< 5.3.0.1-25.26	net-snmp-5.3.0.1-25.26.x86_64.rpm
SUSE Linux Enterprise Server	10.2	s390x	net-snmp-32bit	< 5.3.0.1-25.26	net-snmp-32bit-5.3.0.1-25.26.s390x.rpm
SUSE Linux Enterprise Software Development Kit	10.1	ppc	net-snmp-devel	< 5.3.0.1-25.24.3	net-snmp-devel-5.3.0.1-25.24.3.ppc.rpm
SUSE Linux Enterprise Server	10.2	ppc	perl-snmp	< 5.3.0.1-25.26	perl-SNMP-5.3.0.1-25.26.ppc.rpm
SUSE SUSE Linux Enterprise Software Development Kit	10.2	ppc	net-snmp-devel	< 5.3.0.1-25.26	net-snmp-devel-5.3.0.1-25.26.ppc.rpm

Rows per page:

1-10 of 491