net-snmp-5.3.1-19.1.1AXS3

エラータID: AXSA:2008-81:01

Release date: 
Tuesday, August 26, 2008 - 12:06
Subject: 
net-snmp-5.3.1-19.1.1AXS3
Affected Channels: 
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The Simple Network Management Protocol (SNMP) is a protocol used for network management.
CVE 2008-2292
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
CVE 2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; and (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Solution: 

Update packages

CVEs: 
CVE-2008-2292
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
CVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. net-snmp-5.3.1-19.1.1AXS3.i386.rpm
    MD5: bde05076110521eac28f54232f5d9ab1
    SHA-256: 6d9a76b983b04b24e08671fcd9d55b841a3308c5d7329e02c62bc269753759d7
    Size: 707.06 kB
  2. net-snmp-devel-5.3.1-19.1.1AXS3.i386.rpm
    MD5: 815b4d3bdfc1bd693b4569b41e027f9b
    SHA-256: b482a8f1c6236c7ea25ba281157d7e5207205027bf801b8e0babaef33a8b66a3
    Size: 1.81 MB
  3. net-snmp-libs-5.3.1-19.1.1AXS3.i386.rpm
    MD5: 3ce069acceb11e506c80839795230538
    SHA-256: 4de7534dd588296c8008fe4169c1ecda08f90fb99fda01caba7e21b267453c39
    Size: 1.19 MB
  4. net-snmp-perl-5.3.1-19.1.1AXS3.i386.rpm
    MD5: f993632df36286edba3071a0948164a9
    SHA-256: cd771ce1118de7819f100a423888005f3f08452c2e4745645f1980178c33e9a9
    Size: 195.36 kB
  5. net-snmp-utils-5.3.1-19.1.1AXS3.i386.rpm
    MD5: c93a0fad4c48e1dfed19145617072494
    SHA-256: 673a6e55a4b37026af3d81210179fa8ff86711e5f1e207bcd2e0e71fbcbc70e8
    Size: 180.56 kB

Asianux Server 3 for x86_64
  1. net-snmp-5.3.1-19.1.1AXS3.x86_64.rpm
    MD5: 0c2cae9a6693b06e1ca92fc1cd2f7ba8
    SHA-256: 8575f6bebbdd18ba8c393320a464203d33a05428cf2a528e33e1cd04085f5bf7
    Size: 712.39 kB
  2. net-snmp-devel-5.3.1-19.1.1AXS3.x86_64.rpm
    MD5: 9454d2f27ed683aa05b07e33fc88b29b
    SHA-256: 49ef8285bbeb35a096c2812abc37a3bd30a2f5ace3cc1e803c9d5ff7cdfd232a
    Size: 1.86 MB
  3. net-snmp-libs-5.3.1-19.1.1AXS3.x86_64.rpm
    MD5: f9debb08999c7af61c16e948a0cdeffb
    SHA-256: 950a3acda71ce9ba0d33fe4ff1be2b1f8d52b20078a4c148e9dc935dd1b66663
    Size: 1.20 MB
  4. net-snmp-perl-5.3.1-19.1.1AXS3.x86_64.rpm
    MD5: 63832e147f49fa19dfbbbf61addd2d83
    SHA-256: 2d7d001dcc15956ee5193223c0e0a1fcbd4f7d848b905e1f6ea116413dd40727
    Size: 193.69 kB
  5. net-snmp-utils-5.3.1-19.1.1AXS3.x86_64.rpm
    MD5: 939b0d21ffc3620659e3f08ab8769d58
    SHA-256: 7975f72dd3a8f07e6e0d414036b87894b3c84c26fba511522b096f1a107e6469
    Size: 182.45 kB