[USN-456-1] net-snmp vulnerability

Kees Cook kees at ubuntu.com
Wed May 2 15:36:59 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-456-1               May 02, 2007
net-snmp vulnerability
CVE-2005-4837
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  snmpd                                    5.2.1.2-4ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The SNMP service did not correctly handle TCP disconnects.  Remote 
subagents could cause a denial of service if they dropped a connection 
at a specific time.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.diff.gz
      Size/MD5:    71936 2a4cb9c1f800080e5e2374f3f84b8d7a
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.dsc
      Size/MD5:      792 2855b4bf1c6d5fdda432999b3e7c7533
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
      Size/MD5:  3869893 34159770a7fe418d99fdd416a75358b1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:  1151640 e40129b2a40d0efe2644207776152c98
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:   822598 b768bdd2b9f4417925b4b3efb3d4edcb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   896164 855871a700bfa3655ac3a10118cb69e6
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1496678 398e8f61079aff0fba54135322812d36
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1825690 fb3b45a844420bc93c0c1ea7aec1b6c8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   888946 2ddf1fd336891d925c05c093620c6755
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   796756 90b141201184e1f01ab9ff0e1b4f3612

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   896372 eac0a7df274971ba80b1dd669c0f0ec8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1267600 b52a5f612636a6d2ba77efe7da2fb864
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1709432 cb84264a9581bcbb2093280924d2036f
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   881478 4d9bc662c8ecab47b484c33765b24a55
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   794300 aeaf12afa90adbe6466e1f14ac3a81e7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   912514 2af054816148762b77a561655944b2b8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1589090 f00c4b7f21855f7862864bf51b898569
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1727216 7a982cc48199b22df04cb84f1fc5f217
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   898250 75a7b6278614c10ab1967a689f00a6e1
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   795666 449405c93bf2c822694c51c09112cf6c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   896380 8d9bced826d6097c92b056fba5651cec
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1485066 fff34136dd9ef3ccb9fa43d58cb8f31c
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1705908 95015429b477368287651682622c12ff
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   882846 223f74ba12b6374e8c79c9b05b3f7a9e
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   796020 af0197bc714b9a1bf0ad240d208ee497

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070502/e86cb05a/attachment.sig>


More information about the ubuntu-security-announce mailing list