Mandriva: Updated net-snmp packages fix vulnerabilities
Posted by Benjamin D. Thomas   
The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:025
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : net-snmp
 Date    : January 26, 2006
 Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The fixproc application in Net-SNMP creates temporary files with
 predictable file names which could allow a malicious local attacker to
 change the contents of the temporary file by exploiting a race
 condition, which could possibly lead to the execution of arbitrary
 code.  As well, a local attacker could create symbolic links in the
 /tmp directory that point to a valid file that would then be
 overwritten when fixproc is executed (CVE-2005-1740).
 
 A remote Denial of Service vulnerability was also discovered in the
 SNMP library that could be exploited by a malicious SNMP server to
 crash the agent, if the agent uses TCP sockets for communication
 (CVE-2005-2177).
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1740
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
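
The temporary-file weakness in the problem description (CVE-2005-1740) is an instance of a general pattern, shown here next to two hardened forms. This is an added example, not code from the advisory or from Net-SNMP; the file names are constructed, fixproc_demo.tmp is a hypothetical stand-in for a predictable name, and everything runs inside a private sandbox directory on a POSIX system.

```python
import os
import tempfile
from pathlib import Path

def predictable_write(path, data):
    """Weak pattern: fixed name + plain open(), which follows a planted symlink."""
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    """Hardened: O_CREAT|O_EXCL fails if the name exists, symlinks included."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def random_write(directory, data):
    """Hardened: mkstemp picks an unpredictable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="job.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Run all three writers against a symlink sitting at the predictable name."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:  # private stand-in for /tmp
        target = os.path.join(sandbox, "important.conf")   # constructed file
        fixed = os.path.join(sandbox, "fixproc_demo.tmp")  # hypothetical name

        def plant():
            # Restore the target, then place a symlink at the fixed name.
            Path(target).write_text("original")
            if os.path.lexists(fixed):
                os.unlink(fixed)
            os.symlink(target, fixed)

        plant()
        predictable_write(fixed, "script body")
        out["predictable"] = Path(target).read_text()  # overwritten via the link
        plant()
        try:
            exclusive_write(fixed, "script body")
            out["exclusive"] = "created"
        except FileExistsError:
            out["exclusive"] = "refused"
        out["after_exclusive"] = Path(target).read_text()
        plant()
        path = random_write(sandbox, "script body")
        out["random_private"] = (os.lstat(path).st_mode & 0o077) == 0
        out["after_random"] = Path(target).read_text()
    return out
```

Linux kernels since 3.6 also offer the fs.protected_symlinks sysctl, which restricts following symlinks in sticky world-writable directories such as /tmp; it complements exclusive creation and does not replace it.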
  
 