Nom du paquet
net-snmp
Date
2008-06-19
Advisory ID
MDVSA-2008:118
Affected versions
CS4.0 i586 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's
Keyed-Hash Message Authentication Code (HMAC). An attacker
could exploit this flaw to spoof an authenticated SNMPv3 packet
(CVE-2008-0960).

A buffer overflow was found in the perl bindings for Net-SNMP that
could be exploited if an attacker could convince an application
using the Net-SNMP perl modules to connect to a malicious SNMP agent
(CVE-2008-2292).

The updated packages have been patched to prevent these issues.

Updated packages

CS4.0 i586

 6cbe9d76db3b05c2435bcbc5cf16c898  corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.2.20060mlcs4.i586.rpm
 586a55cfde45020d5ea0ebf5f2d6c840  corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
 d992d8300cf0639942a179349d592e15  corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
 03a49b848c376b705dcfcef0ec817daf  corporate/4.0/i586/net-snmp-5.2.1.2-5.2.20060mlcs4.i586.rpm
 22b9d01b3b7a8a34ed3e1a5a435286a8  corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.i586.rpm
 dccc01a94c1f29eac2875e6a935bf589  corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.i586.rpm
 77f93230f96abce039b52ca5612eaa36  corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.i586.rpm
 8a7209b70979c9d73035ff40cbd8dbb4  corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.i586.rpm 
 ac919459a8752cddfd441c085ca69117  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm

CS4.0 x86_64

 f94c7e967973ba8aa12b5605251d6e78  corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 f332985986eff2d6c8a75b5c263dedb1  corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 82fc454916e75866370ee738292021c8  corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 ff0adeb23df57eb34869c7100df159da  corporate/4.0/x86_64/net-snmp-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 72f2dc9cb1695999660a9ff9c97e4c47  corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 0f244551c87e051a8274e5050cf0bc2a  corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 7c4e7fb304c77c6551a50495d338e84e  corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
 68d81ca4c173710ef43b36092df2a6ee  corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.x86_64.rpm 
 ac919459a8752cddfd441c085ca69117  corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm

MNF2.0 i586

 f98286a301d580fe306917cf0169ef88  mnf/2.0/i586/libnet-snmp5-5.1-7.4.M20mdk.i586.rpm 
 3ba27516773b1dd933828207cecc7754  mnf/2.0/SRPMS/net-snmp-5.1-7.4.M20mdk.src.rpm

2008.0 i586

 8de3c4975620db2b2c2697d6f9deb79b  2008.0/i586/libnet-snmp15-5.4.1-1.1mdv2008.0.i586.rpm
 b1991c58d996f4be200fe141e28c5f7d  2008.0/i586/libnet-snmp-devel-5.4.1-1.1mdv2008.0.i586.rpm
 03c54182cc7f97633f29ff0251a8c898  2008.0/i586/libnet-snmp-static-devel-5.4.1-1.1mdv2008.0.i586.rpm
 1f792de19b7b38b56d68242958d5d800  2008.0/i586/net-snmp-5.4.1-1.1mdv2008.0.i586.rpm
 e3362a641e232a6ecf0b8230f0e49ec8  2008.0/i586/net-snmp-mibs-5.4.1-1.1mdv2008.0.i586.rpm
 bc6d8c10135ea64a4d512d80d04b1b39  2008.0/i586/net-snmp-trapd-5.4.1-1.1mdv2008.0.i586.rpm
 8e7f28ee85fb48129eea57d11d391c8b  2008.0/i586/net-snmp-utils-5.4.1-1.1mdv2008.0.i586.rpm
 beab129e378f61a6bf62d366a4d90639  2008.0/i586/perl-NetSNMP-5.4.1-1.1mdv2008.0.i586.rpm 
 3fce488df784163f19e6a55061d773ca  2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm

2007.1 i586

 8db66ef5a5468d3fd72a47855230a28e  2007.1/i586/libnet-snmp10-5.3.1-3.2mdv2007.1.i586.rpm
 c951b17138ef11828b2ccf031d4cddaf  2007.1/i586/libnet-snmp10-devel-5.3.1-3.2mdv2007.1.i586.rpm
 536a87919f32fac81964d0a907bf08fe  2007.1/i586/libnet-snmp10-static-devel-5.3.1-3.2mdv2007.1.i586.rpm
 39e33947c21666dac5dbe5cfe103b26d  2007.1/i586/net-snmp-5.3.1-3.2mdv2007.1.i586.rpm
 1eed5ebaff8f6f83befbf8d831900073  2007.1/i586/net-snmp-mibs-5.3.1-3.2mdv2007.1.i586.rpm
 874db03c69584025e4d91049072d3c4e  2007.1/i586/net-snmp-trapd-5.3.1-3.2mdv2007.1.i586.rpm
 11af93c879d8cd9353b7cb1826900222  2007.1/i586/net-snmp-utils-5.3.1-3.2mdv2007.1.i586.rpm
 2c9e819eeb5fd472f6a0fe338d86182b  2007.1/i586/perl-NetSNMP-5.3.1-3.2mdv2007.1.i586.rpm 
 7a0806202ff8f3d838fa7958b636a449  2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm

CS3.0 x86_64

 b31f277942fca76d953007c94a60cae2  corporate/3.0/x86_64/lib64net-snmp5-5.1-7.4.C30mdk.x86_64.rpm
 e4a3fba10ccdd805dc8783ae68c99a42  corporate/3.0/x86_64/lib64net-snmp5-devel-5.1-7.4.C30mdk.x86_64.rpm
 530a94cc87af0e4d6e9f3815473c0dd4  corporate/3.0/x86_64/lib64net-snmp5-static-devel-5.1-7.4.C30mdk.x86_64.rpm
 f246ca421b5d16c599d53f70e4b97660  corporate/3.0/x86_64/lib64snmp0-4.2.3-8.2.C30mdk.x86_64.rpm
 b943e07726a2fecb016ef4ba626906d8  corporate/3.0/x86_64/lib64snmp0-devel-4.2.3-8.2.C30mdk.x86_64.rpm
 22822876f72e35cf6d1ed027df93e74a  corporate/3.0/x86_64/net-snmp-5.1-7.4.C30mdk.x86_64.rpm
 e7e51782b9bbd1e1bdf93c17fb953280  corporate/3.0/x86_64/net-snmp-mibs-5.1-7.4.C30mdk.x86_64.rpm
 e67a9105f9492c020693d48ce55652ea  corporate/3.0/x86_64/net-snmp-trapd-5.1-7.4.C30mdk.x86_64.rpm
 171a17e507b2dfdb9c70c0089e582221  corporate/3.0/x86_64/net-snmp-utils-5.1-7.4.C30mdk.x86_64.rpm
 96886146d21175b076e92d59e96f5016  corporate/3.0/x86_64/ucd-snmp-4.2.3-8.2.C30mdk.x86_64.rpm
 1b6ee4c253f15be516a1928a4f791f15  corporate/3.0/x86_64/ucd-snmp-utils-4.2.3-8.2.C30mdk.x86_64.rpm 
 ccaa4d311ad0e5d119e17b1f1876c7e2  corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
 53e16d2069cffb7e7d1e7a324192d5c2  corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm

2008.0 x86_64

 82b570c9cb7e0662df4d7da730c131db  2008.0/x86_64/lib64net-snmp15-5.4.1-1.1mdv2008.0.x86_64.rpm
 20b8a6e3fc8dd82fe5ecfdb337553938  2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
 555688caa0eee850b3a5f835a5778849  2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
 60d65f80aec29dcb6d4ceb4bb117a9bc  2008.0/x86_64/net-snmp-5.4.1-1.1mdv2008.0.x86_64.rpm
 685c9dd25b585afc128de1b3c092e5d5  2008.0/x86_64/net-snmp-mibs-5.4.1-1.1mdv2008.0.x86_64.rpm
 7bff860904572c092f737ac17940d5b2  2008.0/x86_64/net-snmp-trapd-5.4.1-1.1mdv2008.0.x86_64.rpm
 e434686bddfb04f2a8bd01346517ecb4  2008.0/x86_64/net-snmp-utils-5.4.1-1.1mdv2008.0.x86_64.rpm
 4fab6e498e1f05809db500ce895aad66  2008.0/x86_64/perl-NetSNMP-5.4.1-1.1mdv2008.0.x86_64.rpm 
 3fce488df784163f19e6a55061d773ca  2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm

CS3.0 i586

 335af3930865c8eb44ef436cad5fb373  corporate/3.0/i586/libnet-snmp5-5.1-7.4.C30mdk.i586.rpm
 b8e1d307ee6fa3905d292077fc063318  corporate/3.0/i586/libnet-snmp5-devel-5.1-7.4.C30mdk.i586.rpm
 a668cc4de411865567d1a93f34cee1e3  corporate/3.0/i586/libnet-snmp5-static-devel-5.1-7.4.C30mdk.i586.rpm
 d8c0d342b03e5719443d2de06c631bd5  corporate/3.0/i586/libsnmp0-4.2.3-8.2.C30mdk.i586.rpm
 6bbe3bb2502ce3c974f7b5737331bb4d  corporate/3.0/i586/libsnmp0-devel-4.2.3-8.2.C30mdk.i586.rpm
 daca10f2e578f75c1e7415d78ed30265  corporate/3.0/i586/net-snmp-5.1-7.4.C30mdk.i586.rpm
 1630ebd75201e1bc3956b12a26282f92  corporate/3.0/i586/net-snmp-mibs-5.1-7.4.C30mdk.i586.rpm
 5a4f483c877a6278088a265cb3273d61  corporate/3.0/i586/net-snmp-trapd-5.1-7.4.C30mdk.i586.rpm
 316d866de7fa7cd984d58f5cb742f5e3  corporate/3.0/i586/net-snmp-utils-5.1-7.4.C30mdk.i586.rpm
 e3d4197517565f12e2c3a8fd1cc5d2e7  corporate/3.0/i586/ucd-snmp-4.2.3-8.2.C30mdk.i586.rpm
 17e8d856fd1dac18552818a842105c88  corporate/3.0/i586/ucd-snmp-utils-4.2.3-8.2.C30mdk.i586.rpm 
 ccaa4d311ad0e5d119e17b1f1876c7e2  corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
 53e16d2069cffb7e7d1e7a324192d5c2  corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm

2008.1 x86_64

 618c241e0ecb57685646264c9bb083b4  2008.1/x86_64/lib64net-snmp15-5.4.1-5.1mdv2008.1.x86_64.rpm
 bb0ebf49ee7cca29965aeb398f4725f6  2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
 b4f29f00773291f6cc00784ed7cde470  2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
 3039811b6682dc4009b32ff48a99eb2b  2008.1/x86_64/net-snmp-5.4.1-5.1mdv2008.1.x86_64.rpm
 fab09178635501eb5d6a82eb7bd532a3  2008.1/x86_64/net-snmp-mibs-5.4.1-5.1mdv2008.1.x86_64.rpm
 da29d4c7edaa15d95f8bee98dbfab025  2008.1/x86_64/net-snmp-tkmib-5.4.1-5.1mdv2008.1.x86_64.rpm
 d9aad834d82d310c64f6f21e17a55920  2008.1/x86_64/net-snmp-trapd-5.4.1-5.1mdv2008.1.x86_64.rpm
 7a7c871bd87dc91c16b046ac115cda70  2008.1/x86_64/net-snmp-utils-5.4.1-5.1mdv2008.1.x86_64.rpm
 d102ea2af0fcaaebd98defda72bcfc91  2008.1/x86_64/perl-NetSNMP-5.4.1-5.1mdv2008.1.x86_64.rpm 
 7a19c1f8d42052af6392b18b48bd965c  2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm

2008.1 i586

 4bafceae1a29f6557b5aa884eca24ba0  2008.1/i586/libnet-snmp15-5.4.1-5.1mdv2008.1.i586.rpm
 1eedbae5df7e503de1cba736129beaa1  2008.1/i586/libnet-snmp-devel-5.4.1-5.1mdv2008.1.i586.rpm
 615a88847cbf1ce6eaf0029037a14b1b  2008.1/i586/libnet-snmp-static-devel-5.4.1-5.1mdv2008.1.i586.rpm
 7323cb7d35eb67664d40ad73b413679d  2008.1/i586/net-snmp-5.4.1-5.1mdv2008.1.i586.rpm
 d43ed96a806639a94af2a137c75e276e  2008.1/i586/net-snmp-mibs-5.4.1-5.1mdv2008.1.i586.rpm
 7394b1361b43056b5eb99827771358cf  2008.1/i586/net-snmp-tkmib-5.4.1-5.1mdv2008.1.i586.rpm
 8d6fd9308c2edbe8c020d2c33b3a841d  2008.1/i586/net-snmp-trapd-5.4.1-5.1mdv2008.1.i586.rpm
 dc58047a02e1a222af20aa794ea8f447  2008.1/i586/net-snmp-utils-5.4.1-5.1mdv2008.1.i586.rpm
 2ad9888cd61fc4952c1cee0c48f714b5  2008.1/i586/perl-NetSNMP-5.4.1-5.1mdv2008.1.i586.rpm 
 7a19c1f8d42052af6392b18b48bd965c  2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm

2007.1 x86_64

 aa27de502ce22110fd745c0b847b79d9  2007.1/x86_64/lib64net-snmp10-5.3.1-3.2mdv2007.1.x86_64.rpm
 1843dd154c443cca9ae977e502221d6d  2007.1/x86_64/lib64net-snmp10-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
 838bd7820d446bd947bc46e090b38066  2007.1/x86_64/lib64net-snmp10-static-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
 e659d3df04816330c7bf45008f66bc27  2007.1/x86_64/net-snmp-5.3.1-3.2mdv2007.1.x86_64.rpm
 756d5606a1039d20a7512b0a109d53bb  2007.1/x86_64/net-snmp-mibs-5.3.1-3.2mdv2007.1.x86_64.rpm
 8ad36943e07362865f3a48c99914e48c  2007.1/x86_64/net-snmp-trapd-5.3.1-3.2mdv2007.1.x86_64.rpm
 483140c06017507127d12357c3ed2b41  2007.1/x86_64/net-snmp-utils-5.3.1-3.2mdv2007.1.x86_64.rpm
 e2bb901815ffa1ca5b0a16bc1363f84f  2007.1/x86_64/perl-NetSNMP-5.3.1-3.2mdv2007.1.x86_64.rpm 
 7a0806202ff8f3d838fa7958b636a449  2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm

References