USN-564-1: Net-SNMP vulnerability

January 9th, 2008, 07:50 PM
Referenced CVEs:

===========================================================
Ubuntu Security Notice USN-564-1           January 09, 2008
net-snmp vulnerability
CVE-2007-5846
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  snmpd

Ubuntu 6.10:
  snmpd 5.2.2-5ubuntu1.1

Ubuntu 7.04:
  snmpd 5.2.3-4ubuntu1.1

Ubuntu 7.10:
  snmpd 5.3.1-6ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Bill Trost discovered that snmpd did not properly limit GETBULK
requests. A remote attacker could specify a large number of
max-repetitions and cause a denial of service via resource
exhaustion.

More... (http://www.ubuntu.com/usn/usn-564-1)