 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:225
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : net-snmp
 Date    : November 19, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers
 to cause a denial of service (CPU and memory consumption) via a GETBULK
 request with a large max-repeaters value.

 Updated packages fix this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team