LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: net-snmp security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: net-snmp security update
Advisory ID:       RHSA-2005:395-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-395.html
Issue date:        2005-10-05
Updated on:        2005-10-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1740 CAN-2005-2177
- ---------------------------------------------------------------------

1. Summary:

Updated net-snmp packages that fix two security issues and various bugs
are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

SNMP (Simple Network Management Protocol) is a protocol used for network
management. 

A denial of service bug was found in the way net-snmp uses network stream
protocols. It is possible for a remote attacker to send a net-snmp agent a
specially crafted packet that will crash the agent. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-2177 to this issue.

An insecure temporary file usage bug was found in net-snmp's fixproc
command. It is possible for a local user to modify the content of temporary
files used by fixproc that can lead to arbitrary command execution. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1740 to this issue.

Additionally, the following bugs have been fixed:
- - The lmSensors are correctly recognized, snmp deamon no longer segfaults
- - The larger swap partition sizes are correctly reported 
- - Querying hrSWInstalledLastUpdateTime no longer crashes the snmp deamon
- - Fixed error building ASN.1 representation
- - The 64-bit network counters correctly wrap
- - Large file systems are correctly handled
- - Snmptrapd initscript correctly reads options from its configuration 
  file /etc/snmp/snmptrapd.options 
- - Snmp deamon no longer crashes when restarted using the agentX 
  protocol
- - snmp daemon now reports gigabit Ethernet speeds correctly
- - MAC adresses are shown when requested instead of IP adresses

All users of net-snmp should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150084 - snmpd dies when getting enterprises.ucdavis.memory.memTotalSwap.0
150199 - snmpd exits without a diagnostic: SIGSEGV
154455 - 64bit network counters peg instead of wrapping
154798 - /etc/init.d/snmptrapd wrong order in setting variables...
155038 - x86_64: net-snmp dies when querying hrSWInstalledLastUpdateTime
158769 - CAN-2005-1740 net-snmp insecure temporary file usage
163688 - CAN-2005-2177 net-snmp denial of service


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe  net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6  net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df  net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e  net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc  net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d  net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365  net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758  net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0  net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b  net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

ppc:
c9ca217a48da0a7aa035629ae1a315b6  net-snmp-5.1.2-11.EL4.6.ppc.rpm
717983be7c1f8ec261ffb7914b10bcb5  net-snmp-devel-5.1.2-11.EL4.6.ppc.rpm
1813f94dcaa10f1c5e9910c473220187  net-snmp-libs-5.1.2-11.EL4.6.ppc.rpm
6423451346096dc668635ea9ec6d0154  net-snmp-libs-5.1.2-11.EL4.6.ppc64.rpm
4d5d7f0732e0476a5052914d8ba03408  net-snmp-perl-5.1.2-11.EL4.6.ppc.rpm
de9792ce34d8fe0cf828e143e55a6e86  net-snmp-utils-5.1.2-11.EL4.6.ppc.rpm

s390:
b6d060cfaeb06f0898fef46280bc6dda  net-snmp-5.1.2-11.EL4.6.s390.rpm
2874be600171af40fdedc29190122677  net-snmp-devel-5.1.2-11.EL4.6.s390.rpm
c2895f557db41fa371ecdec220780150  net-snmp-libs-5.1.2-11.EL4.6.s390.rpm
b680f8bdc4669c2292950fb6db4e47d3  net-snmp-perl-5.1.2-11.EL4.6.s390.rpm
2bb808e9ef394ce25855822ef91af2cf  net-snmp-utils-5.1.2-11.EL4.6.s390.rpm

s390x:
9c212ed0a8aefd7db9cd57bf31d22e25  net-snmp-5.1.2-11.EL4.6.s390x.rpm
157b79487d0044c226ddf567294aa261  net-snmp-devel-5.1.2-11.EL4.6.s390x.rpm
c2895f557db41fa371ecdec220780150  net-snmp-libs-5.1.2-11.EL4.6.s390.rpm
cb9cf209f3281f9aede6305d2acc29a7  net-snmp-libs-5.1.2-11.EL4.6.s390x.rpm
af281e7c2985218b76eebe495a8c62bf  net-snmp-perl-5.1.2-11.EL4.6.s390x.rpm
ff879a134c8c06cc52633ca05af552b0  net-snmp-utils-5.1.2-11.EL4.6.s390x.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8  net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2  net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519  net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297  net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6  net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe  net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6  net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df  net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e  net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc  net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8  net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2  net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519  net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297  net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6  net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe  net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6  net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df  net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e  net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc  net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d  net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365  net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758  net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0  net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b  net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8  net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2  net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519  net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297  net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6  net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/net-snmp-5.1.2-11.EL4.6.src.rpm
21a7852edcba0fe4e6f36da6a44bacbe  net-snmp-5.1.2-11.EL4.6.src.rpm

i386:
120ec018b119e6b5ac27c3aa8299fbd6  net-snmp-5.1.2-11.EL4.6.i386.rpm
a109507ca1dc31a5b3feea46a46b79df  net-snmp-devel-5.1.2-11.EL4.6.i386.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
d2bbe2634e4aea210403ff99243c081e  net-snmp-perl-5.1.2-11.EL4.6.i386.rpm
7b4d1f269c2e336124e1f5e425f565dc  net-snmp-utils-5.1.2-11.EL4.6.i386.rpm

ia64:
0a71089d87ace55a82f7e2a4c344c34d  net-snmp-5.1.2-11.EL4.6.ia64.rpm
9b368d3917851e2170b89f118d0c6365  net-snmp-devel-5.1.2-11.EL4.6.ia64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
8d2de3b650fa8d6e82695f79d9675758  net-snmp-libs-5.1.2-11.EL4.6.ia64.rpm
890a703ad611379fcd0413f0e8e73df0  net-snmp-perl-5.1.2-11.EL4.6.ia64.rpm
a375cde21874c713ad6c16746519cc4b  net-snmp-utils-5.1.2-11.EL4.6.ia64.rpm

x86_64:
3f41e093b4bd63b26f0882223f938ba8  net-snmp-5.1.2-11.EL4.6.x86_64.rpm
257a00d2957784b1547de58b568eadf2  net-snmp-devel-5.1.2-11.EL4.6.x86_64.rpm
68db1a5a0fb3ff62a3714ef424012caa  net-snmp-libs-5.1.2-11.EL4.6.i386.rpm
e667da22eed9f976533b5ac85914d519  net-snmp-libs-5.1.2-11.EL4.6.x86_64.rpm
6b7712c783fb96d776603199c0e29297  net-snmp-perl-5.1.2-11.EL4.6.x86_64.rpm
1bad984449842d093ef0c29b45cbc2f6  net-snmp-utils-5.1.2-11.EL4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds
Linux Kernel Development Gets Two-Factor Authentication
Hacking cars and traffic lights at Def Con
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.