Nom du paquet
net-snmp
Date
2006-01-26
Advisory ID
MDKSA-2006:025
Affected versions
MNF2.0 i586 , 10.2 x86_64 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

The fixproc application in Net-SNMP creates temporary files with
predictable file names which could allow a malicious local attacker to
change the contents of the temporary file by exploiting a race
condition, which could possibly lead to the execution of arbitrary
code. As well, a local attacker could create symbolic links in the
/tmp directory that point to a valid file that would then be
overwritten when fixproc is executed (CVE-2005-1740).

A remote Denial of Service vulnerability was also discovered in the
SNMP library that could be exploited by a malicious SNMP server to
crash the agent, if the agent uses TCP sockets for communication
(CVE-2005-2177).

The updated packages have been patched to correct these problems.

Updated packages

MNF2.0 i586

 283d5163bf181f98318a18575d823d41  mnf/2.0/RPMS/libnet-snmp5-5.1-7.1.M20mdk.i586.rpm
 71783daec5bd3a6045d7337330f09ba2  mnf/2.0/SRPMS/net-snmp-5.1-7.1.M20mdk.src.rpm

10.2 x86_64

 029c14c17368523ea88d25d62c357e05  x86_64/10.2/RPMS/lib64net-snmp5-5.2.1-3.1.102mdk.x86_64.rpm
 5eac46a96bdaf1bd184095931c3fd7dc  x86_64/10.2/RPMS/lib64net-snmp5-devel-5.2.1-3.1.102mdk.x86_64.rpm
 0081e952f8cdb2cda6f9c5c3bbfcd824  x86_64/10.2/RPMS/lib64net-snmp5-static-devel-5.2.1-3.1.102mdk.x86_64.rpm
 5750dfbeb765a8a9cc5edea0367136ef  x86_64/10.2/RPMS/net-snmp-5.2.1-3.1.102mdk.x86_64.rpm
 0bb727dd060f69e722e2d9119b09c920  x86_64/10.2/RPMS/net-snmp-mibs-5.2.1-3.1.102mdk.x86_64.rpm
 bed3ea77aedda99248cf505004cd7ce2  x86_64/10.2/RPMS/net-snmp-trapd-5.2.1-3.1.102mdk.x86_64.rpm
 5b15725662b555b200599babd751202e  x86_64/10.2/RPMS/net-snmp-utils-5.2.1-3.1.102mdk.x86_64.rpm
 c302bf9154a851284ec75845f2d16fbb  x86_64/10.2/RPMS/perl-NetSNMP-5.2.1-3.1.102mdk.x86_64.rpm
 274a211bc0310147425dde0177933b3a  x86_64/10.2/SRPMS/net-snmp-5.2.1-3.1.102mdk.src.rpm

10.2 i586

 d094f32e704563d30bacb2c4555313bd  10.2/RPMS/libnet-snmp5-5.2.1-3.1.102mdk.i586.rpm
 d1f446814f498f188add32de07b119bd  10.2/RPMS/libnet-snmp5-devel-5.2.1-3.1.102mdk.i586.rpm
 9b75d6a1d06f29377e4ddb01e9dd77ca  10.2/RPMS/libnet-snmp5-static-devel-5.2.1-3.1.102mdk.i586.rpm
 709bbe1ab3ade1d812451a0e95dbc74c  10.2/RPMS/net-snmp-5.2.1-3.1.102mdk.i586.rpm
 70ab9c54aad572ef98bc05722b792dfa  10.2/RPMS/net-snmp-mibs-5.2.1-3.1.102mdk.i586.rpm
 f63e29921d9a996859803e1bacfa12b1  10.2/RPMS/net-snmp-trapd-5.2.1-3.1.102mdk.i586.rpm
 9e7acc9c5e689d52ca713e70ae210fdf  10.2/RPMS/net-snmp-utils-5.2.1-3.1.102mdk.i586.rpm
 4ce882e9f770d3b0703758f07de93d33  10.2/RPMS/perl-NetSNMP-5.2.1-3.1.102mdk.i586.rpm
 274a211bc0310147425dde0177933b3a  10.2/SRPMS/net-snmp-5.2.1-3.1.102mdk.src.rpm

10.1 i586

 5e45d435f1d54d5e3090782b6abba68d  10.1/RPMS/libnet-snmp5-5.1.2-6.1.101mdk.i586.rpm
 0bfb669d7aa43f082748130de49566d9  10.1/RPMS/libnet-snmp5-devel-5.1.2-6.1.101mdk.i586.rpm
 6c893808aef9ee5bc260097f85f59a8c  10.1/RPMS/libnet-snmp5-static-devel-5.1.2-6.1.101mdk.i586.rpm
 9990e6a604e33077001acd83ef992839  10.1/RPMS/net-snmp-5.1.2-6.1.101mdk.i586.rpm
 6cde654363177bcbce43e0629c4410df  10.1/RPMS/net-snmp-mibs-5.1.2-6.1.101mdk.i586.rpm
 00a8209096eead381f4b92d6c5610d35  10.1/RPMS/net-snmp-trapd-5.1.2-6.1.101mdk.i586.rpm
 71f10f045162b00f15574d86a1ac4042  10.1/RPMS/net-snmp-utils-5.1.2-6.1.101mdk.i586.rpm
 bafa69a28faf8e3f926e4791eca78afe  10.1/RPMS/perl-NetSNMP-5.1.2-6.1.101mdk.i586.rpm
 9336accac13fed9119b8d53e1ce18842  10.1/SRPMS/net-snmp-5.1.2-6.1.101mdk.src.rpm

CS3.0 x86_64

 ff618e405dea0563a6e35680993ceb9b  x86_64/corporate/3.0/RPMS/lib64net-snmp5-5.1-7.2.C30mdk.x86_64.rpm
 aea5952fc98d667280f2cc9595482fde  x86_64/corporate/3.0/RPMS/lib64net-snmp5-devel-5.1-7.2.C30mdk.x86_64.rpm
 877dd4ca90a79a07f22c3c91e523877c  x86_64/corporate/3.0/RPMS/lib64net-snmp5-static-devel-5.1-7.2.C30mdk.x86_64.rpm
 f2f83c224b85bbc57d493085baed30d2  x86_64/corporate/3.0/RPMS/net-snmp-5.1-7.2.C30mdk.x86_64.rpm
 e6016001da2e93385d9bb33714dc3b5b  x86_64/corporate/3.0/RPMS/net-snmp-mibs-5.1-7.2.C30mdk.x86_64.rpm
 43a28bf6e34b44616a185d355ba33108  x86_64/corporate/3.0/RPMS/net-snmp-trapd-5.1-7.2.C30mdk.x86_64.rpm
 53a861ab75ef7806ba59977f644ecc62  x86_64/corporate/3.0/RPMS/net-snmp-utils-5.1-7.2.C30mdk.x86_64.rpm
 8f3c4ead1bd79a6826dae2dfc279b972  x86_64/corporate/3.0/SRPMS/net-snmp-5.1-7.2.C30mdk.src.rpm

CS3.0 i586

 af2cfb8c941c61e09e90f972e196fc7c  corporate/3.0/RPMS/libnet-snmp5-5.1-7.2.C30mdk.i586.rpm
 398eb8a624998f3269fd921097e040b8  corporate/3.0/RPMS/libnet-snmp5-devel-5.1-7.2.C30mdk.i586.rpm
 0654942277f25a812438356840d69063  corporate/3.0/RPMS/libnet-snmp5-static-devel-5.1-7.2.C30mdk.i586.rpm
 b50cee131b9255792bbfe4c785b7869b  corporate/3.0/RPMS/net-snmp-5.1-7.2.C30mdk.i586.rpm
 dee0feb110fda0312fdcc05db315007a  corporate/3.0/RPMS/net-snmp-mibs-5.1-7.2.C30mdk.i586.rpm
 e22ca26b96609e60b15459290dd5f37d  corporate/3.0/RPMS/net-snmp-trapd-5.1-7.2.C30mdk.i586.rpm
 1a35259e34c7f14c4618a712718db361  corporate/3.0/RPMS/net-snmp-utils-5.1-7.2.C30mdk.i586.rpm
 8f3c4ead1bd79a6826dae2dfc279b972  corporate/3.0/SRPMS/net-snmp-5.1-7.2.C30mdk.src.rpm

10.1 x86_64

 fb7f15b0ce19d694d187c8d245b7eb39  x86_64/10.1/RPMS/lib64net-snmp5-5.1.2-6.1.101mdk.x86_64.rpm
 2eb7bfbb87d50036f59d40c8f74013af  x86_64/10.1/RPMS/lib64net-snmp5-devel-5.1.2-6.1.101mdk.x86_64.rpm
 91f01ccb844bfe0fc288d0d2ae0a6b92  x86_64/10.1/RPMS/lib64net-snmp5-static-devel-5.1.2-6.1.101mdk.x86_64.rpm
 19727111e192d653497dfd95788d605b  x86_64/10.1/RPMS/net-snmp-5.1.2-6.1.101mdk.x86_64.rpm
 c8accd70d2ee97c8e96d7621614bab4a  x86_64/10.1/RPMS/net-snmp-mibs-5.1.2-6.1.101mdk.x86_64.rpm
 67fe7b2332127afe6ca19111c5ac0527  x86_64/10.1/RPMS/net-snmp-trapd-5.1.2-6.1.101mdk.x86_64.rpm
 3d36801e15db09a37115c5299f0f8ed2  x86_64/10.1/RPMS/net-snmp-utils-5.1.2-6.1.101mdk.x86_64.rpm
 9abc3a1c0109487a99491c0586410b5b  x86_64/10.1/RPMS/perl-NetSNMP-5.1.2-6.1.101mdk.x86_64.rpm
 9336accac13fed9119b8d53e1ce18842  x86_64/10.1/SRPMS/net-snmp-5.1.2-6.1.101mdk.src.rpm

References