Ubuntu: Net-SNMP vulnerability
Posted by Benjamin D. Thomas   
Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.
Ubuntu Security Notice USN-564-1           January 09, 2008
net-snmp vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:

Ubuntu 6.10:
  snmpd                           5.2.2-5ubuntu1.1

Ubuntu 7.04:
  snmpd                           5.2.3-4ubuntu1.1

Ubuntu 7.10:
  snmpd                           5.3.1-6ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Bill Trost discovered that snmpd did not properly limit GETBULK
requests. A remote attacker could specify a large number of
max-repetitions and cause a denial of service via resource
exhaustion.
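
A detection-side sketch of the condition described above, added here as an example and not part of the advisory or of Net-SNMP: it decodes an SNMPv2c datagram and reports the GETBULK max-repetitions field so that a monitor can flag oversized values. The threshold of 100, the function names and the two sample datagrams are assumptions constructed for illustration; SNMPv3 messages are not decoded.

```python
GETBULK = 0xA5    # GetBulkRequest-PDU tag (context-specific [5], RFC 3416)
REP_LIMIT = 100   # assumed site policy threshold; not a value from the advisory

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    """Decode a BER INTEGER at pos; return (value, next_pos)."""
    tag, val, nxt = read_tlv(buf, pos)
    if tag != 0x02 or not val:
        raise ValueError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), nxt

def getbulk_max_repetitions(datagram):
    """Return max-repetitions of an SNMPv2c GETBULK, or None for any other message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    version, pos = read_int(msg, 0)
    if version != 1:                   # 1 = SNMPv2c; SNMPv3 wraps the PDU differently
        return None
    tag, _community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    tag, pdu, _ = read_tlv(msg, pos)
    if tag != GETBULK:
        return None
    _request_id, p = read_int(pdu, 0)
    _non_repeaters, p = read_int(pdu, p)
    return read_int(pdu, p)[0]

def classify(datagram, limit=REP_LIMIT):  # returns "flag", "malformed" or "ok"
    try:
        reps = getbulk_max_repetitions(datagram)
    except ValueError:
        return "malformed"
    return "flag" if reps is not None and reps > limit else "ok"

# Constructed sample datagrams (community "public", OID 1.3.6.1.2.1), not captured traffic.
NORMAL = bytes.fromhex("302302010104067075626c6963a51602010102010002010a300b300906052b060102010500")
LARGE = bytes.fromhex("302402010104067075626c6963a51702010102010002021388300b300906052b060102010500")
```

Calling `classify()` on each UDP/161 payload seen by a sensor gives a per-datagram verdict; the limit should be tuned to what the site's legitimate management stations actually request.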

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:

