Operating System: [Debian]

Published: 07 February 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2008.0125 -- [Debian]
         New net-snmp packages fix denial of service vulnerability
                              7 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              net-snmp
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5846

Ref:                  ESB-2007.0931

Original Bulletin:    http://www.debian.org/security/2008/dsa-1483

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1483-1                security@debian.org
http://www.debian.org/security/                         Noah Meyerhans
February 06, 2008                   http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : net-snmp
Vulnerability  : design error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5846

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote
attackers to cause a denial of service (CPU and memory consumption)
via a GETBULK request with a large max-repeaters value (the
max-repetitions field of a GetBulkRequest PDU, which tells the agent
how many successor rows to fetch for each repeating variable).
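The following decoder shows what the "max-repeaters" value in the
description above actually is on the wire and how a detection rule could
flag a GetBulkRequest that carries an oversized one. It is an added
example, not net-snmp code and not part of the Debian or AusCERT text; the
BER encoder exists only to construct the two sample messages, and the
MAX_REPETITIONS_LIMIT threshold and the community string "public" are
assumptions made for illustration, not values from the advisory.

```python
"""Decode an SNMPv2c GetBulkRequest and flag an oversized max-repetitions value.

Added example for the CVE-2007-5846 description above; it is neither net-snmp
code nor part of the Debian/AusCERT advisory. The sample requests and the
MAX_REPETITIONS_LIMIT threshold are assumptions made for illustration.
"""

# BER tags used by SNMP framing (RFC 3416 PDUs inside the RFC 1901 v2c wrapper).
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GETBULK = 0xA5  # context-specific, constructed, PDU type 5


def _ber_len(n):
    """BER length: short form below 128, long form (0x8N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def _ber_int(v):
    """Minimal two's-complement INTEGER; the +8 keeps a zero sign bit for v >= 0."""
    return _tlv(TAG_INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def _ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def build_getbulk(community, request_id, non_repeaters, max_repetitions, oids):
    """Encode an SNMPv2c GetBulkRequest: SEQUENCE { version 1, community, PDU }."""
    varbinds = b"".join(_tlv(TAG_SEQUENCE, _ber_oid(o) + _tlv(TAG_NULL, b"")) for o in oids)
    pdu = (_ber_int(request_id) + _ber_int(non_repeaters) + _ber_int(max_repetitions)
           + _tlv(TAG_SEQUENCE, varbinds))
    return _tlv(TAG_SEQUENCE, _ber_int(1) + _tlv(TAG_OCTET_STRING, community) + _tlv(TAG_GETBULK, pdu))


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at buf[pos]; ValueError on malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def _expect_int(buf, pos):
    tag, value, pos = _read_tlv(buf, pos)
    if tag != TAG_INTEGER:
        raise ValueError("expected INTEGER")
    return int.from_bytes(value, "big", signed=True), pos


def parse_getbulk(msg):
    """Parse a v2c message into a dict; ValueError unless it carries a GetBulkRequest."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    version, pos = _expect_int(body, 0)
    if version != 1:
        raise ValueError("not SNMPv2c")
    tag, community, pos = _read_tlv(body, pos)
    tag, pdu, _ = _read_tlv(body, pos)
    if tag != TAG_GETBULK:
        raise ValueError("not a GetBulkRequest PDU")
    request_id, pos = _expect_int(pdu, 0)
    non_repeaters, pos = _expect_int(pdu, pos)
    max_repetitions, pos = _expect_int(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    count, pos = 0, 0
    while pos < len(vbl):            # count the SEQUENCE { OID, value } entries
        _, _, pos = _read_tlv(vbl, pos)
        count += 1
    return {"community": community, "request_id": request_id, "non_repeaters": non_repeaters,
            "max_repetitions": max_repetitions, "varbinds": count}


# Assumed policy threshold for this example; the advisory only says "large".
MAX_REPETITIONS_LIMIT = 100


def is_abusive_getbulk(msg, limit=MAX_REPETITIONS_LIMIT):
    """True when a GetBulkRequest asks for more than `limit` rows per repeater."""
    try:
        return parse_getbulk(msg)["max_repetitions"] > limit
    except ValueError:
        return False     # not a GetBulkRequest, or malformed: not this rule's concern


# Constructed samples: an ordinary table walk and the shape CVE-2007-5846 describes.
NORMAL_REQUEST = build_getbulk(b"public", 1, 0, 10, ["1.3.6.1.2.1"])
ABUSIVE_REQUEST = build_getbulk(b"public", 2, 0, 2**31 - 1, ["1.3.6.1.2.1"])
```

max-repetitions is a signed 32-bit INTEGER, so 2**31 - 1 is the largest
value a conforming encoder can send; a detection rule keyed on this field
only needs the BER walk above, not a full MIB-aware SNMP stack.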

For the stable distribution (etch), this problem has been fixed in
version 5.2.3-7etch2.

For the unstable and testing distributions (sid and lenny,
respectively), this problem has been fixed in version 5.4.1~dfsg-2.

We recommend that you upgrade your net-snmp package.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.diff.gz
    Size/MD5 checksum:    92129 d4395b24ac55a351ff666b146e50e7da
  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.dsc
    Size/MD5 checksum:     1038 34169ea344d11cc6acbbc79598f1afbe
  http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
    Size/MD5 checksum:  4006389 ba4bc583413f90618228d0f196da8181

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch2_all.deb
    Size/MD5 checksum:   855026 9ba19bd7e95b8b786db833d088033c20
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch2_all.deb
    Size/MD5 checksum:  1215052 492929e419a21cb45a6b9f7f892e51e5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_alpha.deb
    Size/MD5 checksum:   836522 8f375e58599f11a92c219432c3c40a50
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_alpha.deb
    Size/MD5 checksum:   942474 877cd68b94cc98c3ce277f81e94ad559
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_alpha.deb
    Size/MD5 checksum:  1901930 4ce94285480f0587b9c9006db0b1d892
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_alpha.deb
    Size/MD5 checksum:  2171130 b21a6b7ab1fc2084134b0746c46caaa8
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_alpha.deb
    Size/MD5 checksum:   932262 eb96a420dd3fb6b556ed8001bc44bb93

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_amd64.deb
    Size/MD5 checksum:  1892588 eed6e7f494feeb82dadfd6292aeb54f3
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_amd64.deb
    Size/MD5 checksum:   834892 1870924c9276f277d5e61b6929bc063a
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_amd64.deb
    Size/MD5 checksum:   931080 f413808b39167a15c6d1452767537e36
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_amd64.deb
    Size/MD5 checksum:  1561022 29910b7b991cc876540f926ee5e2453a
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_amd64.deb
    Size/MD5 checksum:   919590 0962031c17b2cc752b2aa0a34224face

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_arm.deb
    Size/MD5 checksum:  1777992 b7bb0164b520a6240321efdafbde344b
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_arm.deb
    Size/MD5 checksum:   834966 473f0c386f9c6da35689b14ab1d379c1
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_arm.deb
    Size/MD5 checksum:  1344096 153ff9028f6accc63ed18d7bdf07485b
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_arm.deb
    Size/MD5 checksum:   927916 989b6de8d07d36bd144ca88423b8d027
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_arm.deb
    Size/MD5 checksum:   909516 6d3f6fd8e7472228f20c60be890d023e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:   834156 8166a1a4c4f97fbe40efbf491b7bf72c
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:   917354 b894368213ab2cd00eded49533b16aa6
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:  1835912 c7567cd3db0d4e6536a3002eb4d8e265
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:   924832 ba03a9804f155ea4a284f7643457b146
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:  1416974 619e4f9b2c3eb7819cd2bd524ca7554b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_ia64.deb
    Size/MD5 checksum:   970124 3deb315b5de9afb14b52b394bae18a43
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_ia64.deb
    Size/MD5 checksum:   962568 4c5698e042bf664eff0bfe993c192d5d
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_ia64.deb
    Size/MD5 checksum:  2281236 d4bc4f69d7e7a593335053e91a6c485d
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_ia64.deb
    Size/MD5 checksum:   842400 a950588e1b8e71079343ecd47e2d640f
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_ia64.deb
    Size/MD5 checksum:  2205332 702c89982dfae8501a048367d78161a8

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mips.deb
    Size/MD5 checksum:   927142 5c8a6c536a3d50fd5002e12f62872224
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mips.deb
    Size/MD5 checksum:   895056 4cbf2439096d64f153e94c2d45021310
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mips.deb
    Size/MD5 checksum:  1717040 6d61c1ac4c4a67b69ca4d59244f4eefa
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mips.deb
    Size/MD5 checksum:  1769510 0b2fb829d8c98099a21fe59375eaab6f
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mips.deb
    Size/MD5 checksum:   832874 b55a90b9778923425fd4ede1403a1483

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mipsel.deb
    Size/MD5 checksum:  1720352 83b11573a1389090c6419974438810a6
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mipsel.deb
    Size/MD5 checksum:   894848 a85af9050de7d658d06beb78cfd331d4
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mipsel.deb
    Size/MD5 checksum:  1755240 edbf171acb4813d6e8936f553b0c63bf
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mipsel.deb
    Size/MD5 checksum:   832830 47e00fa0d4acad4a9adcbeab7f34a33d
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mipsel.deb
    Size/MD5 checksum:   926346 9d81f235f0232259ac87af5d9a77a3f2

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_powerpc.deb
    Size/MD5 checksum:   941140 e45bfb918d4814fc58509576cb353855
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_powerpc.deb
    Size/MD5 checksum:  1657898 67553ac67857e5a93610fcb62a114faa
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_powerpc.deb
    Size/MD5 checksum:   927732 1c6e3bc8b903ed51301d55e5329121f0
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_powerpc.deb
    Size/MD5 checksum:  1802946 54dfa2f2746fe644f7129499eb709284
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_powerpc.deb
    Size/MD5 checksum:   834926 c63610793fa21e534247fb4eebfcdf38

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_s390.deb
    Size/MD5 checksum:   903456 0a741302e5532e07949911f755522f47
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_s390.deb
    Size/MD5 checksum:   835824 d3bae80f1bbf09eade1207b758945003
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_s390.deb
    Size/MD5 checksum:  1834732 cc3acadd0669ee790c77e141e73d951b
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_s390.deb
    Size/MD5 checksum:  1409706 594dae3b8a0d801bc5aa0cbe240785fc
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_s390.deb
    Size/MD5 checksum:   931154 08a5a95841d6c643660dfe8df647d9f1

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_sparc.deb
    Size/MD5 checksum:   918174 d0f688bfabae071b11d24b852e90c11b
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_sparc.deb
    Size/MD5 checksum:  1781666 ab7507949d9f8f111e530f3e0aa42e42
  http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_sparc.deb
    Size/MD5 checksum:   925014 b6df8efcb3e971cb711e37f4b4d21302
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_sparc.deb
    Size/MD5 checksum:   833856 f13884fa38c2eb1fe055e044503f3e67
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_sparc.deb
    Size/MD5 checksum:  1548582 426a31f689fb0b3b3f4777a7e6bb51db


  These files will probably be moved into the stable distribution on
  its next update.
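The upgrade instructions above say to wget a file and dpkg -i it; the
checksum lines are there so you can confirm the download before installing.
The following added example (not Debian or AusCERT tooling) parses the
"URL / Size/MD5 checksum" pairs in the format this advisory uses and checks
a file against them. ADVISORY_EXCERPT copies two real i386 lines from the
list above and adds one constructed entry (snmpd_example_test.deb under an
example.invalid URL) whose size and digest are those of the bytes b"hello",
so the check can be exercised without downloading anything.

```python
"""Verify a downloaded Debian package against the Size/MD5 lines of a DSA.

Added example for the upgrade instructions and package list above; it is not
Debian or AusCERT tooling. ADVISORY_EXCERPT copies two real lines from
DSA-1483-1 and adds one constructed entry (snmpd_example_test.deb) whose
size and digest are those of b"hello", used only for the self-test.
"""
import hashlib
import os
import re

# A DSA lists every file as a URL line followed by "Size/MD5 checksum: SIZE MD5".
_URL_LINE = re.compile(r"^\s*(https?://\S+)\s*$")
_SUM_LINE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")

ADVISORY_EXCERPT = """\
  http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:   834156 8166a1a4c4f97fbe40efbf491b7bf72c
  http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_i386.deb
    Size/MD5 checksum:  1835912 c7567cd3db0d4e6536a3002eb4d8e265
  http://example.invalid/constructed/snmpd_example_test.deb
    Size/MD5 checksum:        5 5d41402abc4b2a76b9719d911017c592
"""


def parse_dsa_checksums(text):
    """Return {basename: (size, md5hex)} for every URL/checksum pair in the text."""
    table, pending = {}, None
    for line in text.splitlines():
        m = _URL_LINE.match(line)
        if m:
            pending = m.group(1).rsplit("/", 1)[-1]   # remember the file this sum belongs to
            continue
        m = _SUM_LINE.match(line)
        if m and pending:
            table[pending] = (int(m.group(1)), m.group(2))
            pending = None
    return table


def verify_bytes(name, data, table):
    """True iff `name` is listed and `data` has both the listed size and MD5."""
    if name not in table:
        return False
    size, digest = table[name]
    return len(data) == size and hashlib.md5(data).hexdigest() == digest


def verify_file(path, table):
    """Same check for a file on disk: run it after wget and before dpkg -i."""
    with open(path, "rb") as f:
        return verify_bytes(os.path.basename(path), f.read(), table)


SAMPLE_TABLE = parse_dsa_checksums(ADVISORY_EXCERPT)
```

Feed the whole advisory to parse_dsa_checksums and call verify_file on the
fetched .deb; only install with dpkg -i when it returns True. After the
upgrade, dpkg-query -W -f='${Version}\n' snmpd should print 5.2.3-7etch2 on
etch, and dpkg --compare-versions is the right tool if a script needs to
compare Debian version strings. The MD5 lines guard against a corrupted or
mismatched download, nothing more: MD5 is no longer collision resistant, so
authenticity rests on the PGP signature over the DSA itself and, for the
apt-get route, on apt's verification of the archive's signed Release file.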

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHqgXfYrVLjBFATsMRAh1QAJ949bquNFrGOLCWnfB6eWPuDR695gCdFC02
/C3q6l7UFMwZ2dc1FtxJztg=
=5GhV
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR6o+byh9+71yA2DNAQL3DQP+IQVAPmq02HiRJqWf9K8M2JrXFykcW5Yt
eW0gbUebIdOabE5t05D1Zriu/1E+Ub9oP0jmscml8TOIM1riFRA6JE9yQhzPis5p
HwW7RDeE8T7coNqJSNVwbZ/9sRNuM6JWgXr6j3QfJs4+MxAJKmD5jyCL1zue390p
UhcO+1GD1O4=
=3Jy+
-----END PGP SIGNATURE-----