SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Volution Vendors:   Caldera/SCO
(Caldera Issues Fix for Volution Manager) Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System
SecurityTracker Alert ID:  1003824
SecurityTracker URL:  http://securitytracker.com/id/1003824
CVE Reference:   CVE-2002-0012, CVE-2002-0013   (Links to External Site)
Date:  Mar 14 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1
Description:   CERT reported that the University of Oulu (Finland) has discovered vulnerabilities in many vendor implementations of the Simple Network Management Protocol (SNMP) version 1.

The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) reports that there are numerous vulnerabilities in SNMPv1 implementations from many different vendors. A remote user can reportedly cause denial of service attacks or gain elevated privileges on the system. The extent of the vulnerabilities depends on the specific vendor implementation.

Caldera reports that Volution Manager is vulnerable.

Impact:   A remote user may be able to cause denial of service conditions or may be able to obtain elevated privileges on the system.
Solution:   The vendor has released a fix for Caldera Volution Manager 1.1:

ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/SRPMS

The verification checksums are:

ebda82a51da9182e170799d97b80adf3 RPMS/ucd-snmp-4.2.1-17v.1.i386.rpm
056f9b0a7ece17ea90be9039c02e12a2 RPMS/ucd-snmp-devel-4.2.1-17v.1.i386.rpm
8ae3525daa789bb658967d3dda8531c4 RPMS/ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm
e399b32750c4f5b7c3764d254e995cfb RPMS/ucd-snmp-utils-4.2.1-17v.1.i386.rpm
c9b02cb5217c205e6880219d0c9476d2 SRPMS/ucd-snmp-4.2.1-17v.1.src.rpm

See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.

Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2002 Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System



 Source Message Contents

Subject:  Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		REVISED: Linux: Various security problems in ucd-snmp
Advisory number: 	CSSA-2002-004.1
Issue date: 		2002, March 8
Cross reference:	CSSA-2002.004.0
______________________________________________________________________________


1. Problem Description

  [ This updated advisory adds Volution Manager to the Vulnerable
  Versions ]

   Researchers at the university of Oulo, Finland, discovered several
   remotely exploitable vulnerabilities in ucd-snmp. This security update
   fixes these vulnerabilities. This update also contains a patch from
   the SuSE security team that cleans up a number of unchecked memory
   operations.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 not vulnerable                
   
   OpenLinux eServer 2.3.1       All packages previous to      
   and OpenLinux eBuilder        ucd-snmp-4.2.1-17             
   
   OpenLinux eDesktop 2.4        not vulnerable                
   
   OpenLinux Server 3.1          All packages previous to      
                                 ucd-snmp-4.2.1-17             
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 ucd-snmp-4.2.1-17             
   
   OpenLinux 3.1 IA64            not vulnerable                
   
   OpenLinux Server 3.1.1        All packages previous to      
                                 ucd-snmp-4.2.1-17             
   
   OpenLinux Workstation         All packages previous to      
   3.1.1                         ucd-snmp-4.2.1-17             
   
   Volution Manager 1.1		 All packages previous to
				 ucd-snmp-4.2.1-17v.1


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       39455abae12c26af0767e73ce5fa21ba  RPMS/ucd-snmp-4.2.1-17.i386.rpm
       2a13a2370c9da23d09a9fdfb94242cb0  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
       552a1f07b57743ea2f83a77878f8b307  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
       02914263b92c14023b6a8a986739975a  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
       6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
              ucd-snmp-devel-4.2.1-17.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17.i386.rpm \
              ucd-snmp-utils-4.2.1-17.i386.rpm
         

6. OpenLinux eDesktop 2.4

    not vulnerable

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       e1f2eab37121fd66aefab49da3f6173b  RPMS/ucd-snmp-4.2.1-17.i386.rpm
       ad7405f4578ca3f25a56d8e5d96020bb  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
       980115ed7580c8a772e8111ad1494067  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
       48f82f6ee0561fc0961cf99e471a14de  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
       6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
              ucd-snmp-devel-4.2.1-17.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17.i386.rpm \
              ucd-snmp-utils-4.2.1-17.i386.rpm
         

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       e1f2eab37121fd66aefab49da3f6173b  RPMS/ucd-snmp-4.2.1-17.i386.rpm
       ad7405f4578ca3f25a56d8e5d96020bb  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
       980115ed7580c8a772e8111ad1494067  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
       48f82f6ee0561fc0961cf99e471a14de  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
       6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
              ucd-snmp-devel-4.2.1-17.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17.i386.rpm \
              ucd-snmp-utils-4.2.1-17.i386.rpm
         

9. OpenLinux 3.1 IA64

    not vulnerable

10. OpenLinux 3.1.1 Server

    10.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   10.2 Verification

       0bf1e8d5ec70518f2b548871fb1d00b7  RPMS/ucd-snmp-4.2.1-17.i386.rpm
       7b8f7fd19b3a0dd61a1113e3d12bd00d  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
       b0bf4250ba668660b0c9d859d164e918  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
       df84f06b86e973ee8d38f5f995fa7905  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
       6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm
       

   10.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
              ucd-snmp-devel-4.2.1-17.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17.i386.rpm \
              ucd-snmp-utils-4.2.1-17.i386.rpm
         

11. OpenLinux 3.1.1 Workstation

    11.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   11.2 Verification

       0bf1e8d5ec70518f2b548871fb1d00b7  RPMS/ucd-snmp-4.2.1-17.i386.rpm
       7b8f7fd19b3a0dd61a1113e3d12bd00d  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
       b0bf4250ba668660b0c9d859d164e918  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
       df84f06b86e973ee8d38f5f995fa7905  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
       6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm
       

   11.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
              ucd-snmp-devel-4.2.1-17.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17.i386.rpm \
              ucd-snmp-utils-4.2.1-17.i386.rpm
         

12. Volution Manager 1.1

   12.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/SRPMS

   12.2 Verification

	ebda82a51da9182e170799d97b80adf3  RPMS/ucd-snmp-4.2.1-17v.1.i386.rpm
	056f9b0a7ece17ea90be9039c02e12a2  RPMS/ucd-snmp-devel-4.2.1-17v.1.i386.rpm
	8ae3525daa789bb658967d3dda8531c4  RPMS/ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm
	e399b32750c4f5b7c3764d254e995cfb  RPMS/ucd-snmp-utils-4.2.1-17v.1.i386.rpm
	c9b02cb5217c205e6880219d0c9476d2  SRPMS/ucd-snmp-4.2.1-17v.1.src.rpm


   12.3 Installing Fixed Packages

    Upgrade the affected packages on non-Caldera Linux clients
    managed by Volution Manager using Volution Manager's software
    distribution action.

    Or manually update your non-Caldera Linux clients with the
    following commands:

         rpm -Fvh ucd-snmp-4.2.1-17v.1.i386.rpm \
              ucd-snmp-devel-4.2.1-17v.1.i386.rpm \
              ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm \
              ucd-snmp-utils-4.2.1-17v.1.i386.rpm


13. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10987.


14. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through
   our security advisories. Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera International products.


15. Acknowledgements

   Caldera International wishes to thank the Secure Programming Research
   Group at Oulu University for their work, and for sharing their research
   results in this fashion. We also wish to thank Thomas Biege at SuSE for
   his additional patches.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyIBk8ACgkQbluZssSXDTGREQCgsgGB3aMqZhYFOH69ZI4DbvpE
aYAAnAzQPDIY0hCpy3jRuh3ZRzx5Ifv6
=yBvP
-----END PGP SIGNATURE-----



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC