Gentoo Archives: gentoo-user-es

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-user-es] [gentoo-announce] GLSA: net-snmp
Date: Mon, 14 Oct 2002 03:00:04
Message-Id: 20021014075941.1ECDC336F6@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - --------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT
6 - - --------------------------------------------------------------------
7
8 PACKAGE        :net-snmp
9 SUMMARY        :Denial of service
10 DATE           :2002-10-14 08:00 UTC
11
12 - - --------------------------------------------------------------------
13
14 The SNMP daemon included in the Net-SNMP package can be crashed
15 if it attempts to process a specially crafted packet. Exploitation
16 requires foreknowledge of a known SNMP community string (either
17 read or read/write). This issue potentially affects any Net-SNMP
18 installation in which the "public" read-only community string has not
19 been changed.
20
21 Read the full advisory at
22 http://www.idefense.com/advisory/10.02.02.txt
23
24 SOLUTION
25
26 It is recommended that all Gentoo Linux users who are running
27 net-analyzer/net-snmp-5.0.2a and earlier update their systems
28 as follows:
29
30 emerge rsync
31 emerge net-snmp
32 emerge clean
33
34 - - --------------------------------------------------------------------
35 aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
36 - - --------------------------------------------------------------------
37 -----BEGIN PGP SIGNATURE-----
38 Version: GnuPG v1.0.7 (GNU/Linux)
39
40 iD8DBQE9qnpxfT7nyhUpoZMRAr8VAJ9NwwO9ymOe6V66qGre6wdnJ2kOTACgulqf
41 CKtVjHMlHd5/lFs31IBCyno=
42 =KVPU
43 -----END PGP SIGNATURE-----
44 _______________________________________________
45 gentoo-announce mailing list
46 gentoo-announce@g.o
47 http://lists.gentoo.org/mailman/listinfo/gentoo-announce