PDA

View Full Version : USN-564-1: Net-SNMP vulnerability



rss-bot
January 9th, 2008, 07:50 PM
Referenced CVEs:
CVE-2007-5846


Description:
================================================== ========= Ubuntu Security Notice USN-564-1 January 09, 2008 net-snmp vulnerability CVE-2007-5846 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: snmpd 5.2.1.2-4ubuntu2.2 Ubuntu 6.10: snmpd 5.2.2-5ubuntu1.1 Ubuntu 7.04: snmpd 5.2.3-4ubuntu1.1 Ubuntu 7.10: snmpd 5.3.1-6ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.





More... (http://www.ubuntu.com/usn/usn-564-1)