Category:   Application (Generic)  >   Net-snmp
Vendors:   [Multiple Authors/Vendors]
(Debian Issues Revised Fix) Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System
SecurityTracker Alert ID:  1003692
SecurityTracker URL:  http://securitytracker.com/id/1003692
CVE Reference:   CAN-2002-0012, CAN-2002-0013
Date:  Feb 28 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   CERT reported that the University of Oulu (Finland) has discovered vulnerabilities in many vendor implementations of the Simple Network Management Protocol (SNMP) version 1.

The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) reports that there are numerous vulnerabilities in SNMPv1 implementations from many different vendors. A remote user can reportedly cause a denial of service or gain elevated privileges on the system. The extent of the vulnerabilities depends on the specific vendor implementation. Vulnerabilities apparently include denial-of-service conditions, format string vulnerabilities, and buffer overflows.

Net-snmp (formerly known as ucd-snmp) is vulnerable.

Impact:   A remote user may be able to cause denial of service conditions or may be able to obtain elevated privileges on the system.
Solution:   The vendor has released a revised fix. Some of the changes made in the previous DSA-111-1 security fix for SNMP changed the API and ABI of the SNMP library, which broke some other applications. This has been fixed in version 4.1.1-2.1.

Vendor URL:  www.debian.org/security/
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2002 Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System



 Source Message Contents

Date:  Thu, 28 Feb 2002 15:07:54 +0100
Subject:  [SECURITY] [DSA-111-2] Update for SNMP security fix


-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-111-2                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
February 28, 2002
- ------------------------------------------------------------------------


Package        : ucd-snmp
Problem type   : ABI/API correction to previous security fix
Debian-specific: yes

Some of the changes made in the DSA-111-1 security fix for SNMP
changed the API and ABI for the SNMP library which broke some
other applications.

This has been fixed in version 4.1.1-2.1. We apologise for the
inconvenience this may have caused.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment updated powerpc packages are not ready yet. When
  they are they will be mentioned on the Debian security webpages.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.diff.gz
      MD5 checksum: be2dfee01664c4626348e6171528d255
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.dsc
      MD5 checksum: afc58029a9c5116068a16c120b0a4904
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1.orig.tar.gz
      MD5 checksum: 2f0d6130af510a8ce283dfdb557a85fa

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.2_alpha.deb
      MD5 checksum: 3132c75375ce348cabcbfbb3d3a76763
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.2_alpha.deb
      MD5 checksum: 0d27c13b5095ad645694c99f25e0da64
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.2_alpha.deb
      MD5 checksum: 9d3cddbb786979e7f28d497cbbd5c5d9
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.2_alpha.deb
      MD5 checksum: cbae6d2e9d5ebbb5d497e3ffc8aab73f

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.2_arm.deb
      MD5 checksum: da24f4fb3b1f5f687b074fd71793fb72
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.2_arm.deb
      MD5 checksum: 8f87c4dd653a195bd2095c75cfb7e766
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.2_arm.deb
      MD5 checksum: 4a3953c0f892d02e1bf6b006a1ffe1fd
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.2_arm.deb
      MD5 checksum: 7637450f37dde5722a88985cbb4e62e0

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
      MD5 checksum: 63572db96270c729ea883bfef1ada86c
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
      MD5 checksum: b6282ebba72681ff8b2fe58995831df8
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.2_i386.deb
      MD5 checksum: 77233f5bc593a94488a92cb19d4bede2
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.2_i386.deb
      MD5 checksum: f7f9847bac6be03e19fb5fef39166859

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1-dev_4.1.1-2.2_m68k.deb
      MD5 checksum: d9861cd2564b72d8c3a03ab364c904e6
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1_4.1.1-2.2_m68k.deb
      MD5 checksum: a61e288a261f42dab2ac2032e33fce62
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmp_4.1.1-2.2_m68k.deb
      MD5 checksum: 17fbf2e266250ad4916140417ab89e91
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmpd_4.1.1-2.2_m68k.deb
      MD5 checksum: be9e4621e3b0124cca66bd1030a165f1

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1-dev_4.1.1-2.2_sparc.deb
      MD5 checksum: b2d081e92fd6fdbf17ff39c3613c97a4
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1_4.1.1-2.2_sparc.deb
      MD5 checksum: 15b8bea50f0dccbd087c4335a1f9f72a
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmp_4.1.1-2.2_sparc.deb
      MD5 checksum: 344153849feb2976ff1d5c8675ca20f0
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmpd_4.1.1-2.2_sparc.deb
      MD5 checksum: d791b6df707bf60398b39b4924328d9f

  These packages will be moved into the stable distribution on its next
  revision.

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPH45sajZR/ntlUftAQGSwwL/d+WAg4K02pxdYV0qYWbwRaXyPOgQcOFu
LcY1qdjptkl0/7/yzJ0f7T6TRKhO0E4x1idyLWqJvG6dONbluqc4iKlU8JGIkiFM
YsITVpapK3YbfS9/FArufkk+5eD+Bm1K
=XGMM
-----END PGP SIGNATURE-----
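
One way to act on the URL and MD5 checksum pairs in the advisory before running dpkg -i (an added example, not part of the advisory or of Debian's tooling): the script turns the advisory text into a checksum list and checks whichever listed files are present in a download directory. The function names, mirror.example and the sample package are assumptions made for the illustration, and md5sum from GNU coreutils is assumed to be installed.

```shell
# Added example: check downloads against an advisory's URL / MD5 pairs.

# Print "<md5>  <filename>" for each URL line that is directly followed by
# an "MD5 checksum:" line. Reads the advisory text on stdin.
advisory_to_md5list() {
    awk '
        /^[ \t]*(http|ftp):\/\/[^ \t]+[ \t]*$/ {
            n = split($1, part, "/"); file = part[n]; next
        }
        /MD5 checksum:/ {
            sum = tolower($NF)
            if (file != "" && length(sum) == 32 && sum ~ /^[0-9a-f]+$/)
                printf "%s  %s\n", sum, file
            file = ""; next
        }
        NF { file = "" }   # anything else breaks the URL/checksum pairing
    '
}

# verify_packages ADVISORY DIR: check each listed file that exists in DIR
# (other architectures are skipped). Returns 0 only if at least one file
# was checked and every checked file matched.
verify_packages() {
    checked=0; bad=0
    while read -r sum file; do
        [ -f "$2/$file" ] || continue
        checked=$((checked + 1))
        actual=$(md5sum < "$2/$file" | awk '{ print $1 }')
        if [ "$actual" = "$sum" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file (expected $sum, got $actual)"
            bad=$((bad + 1))
        fi
    done <<EOF
$(advisory_to_md5list < "$1")
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: an advisory fragment naming a hypothetical package
# whose checksum is the MD5 of an empty file.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '    http://mirror.example/pool/example_1.0_all.deb' \
        '      MD5 checksum: d41d8cd98f00b204e9800998ecf8427e' > "$d/advisory.txt"
    : > "$d/example_1.0_all.deb"
    verify_packages "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"; return $rc
}
```

The checksums are only as trustworthy as the advisory text they are read from, so check the advisory's PGP signature before relying on them.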


Copyright 2014, SecurityGlobal.net LLC