[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mandrake] Schwachstelle in Net-SNMP - MDKSA-2003:115

To: win-sec-ssc@xxxxxxxxxxx
Subject: [Mandrake] Schwachstelle in Net-SNMP - MDKSA-2003:115
From: win-sec-ssc@xxxxxxxxxxx
Date: Mon, 15 Dec 2003 16:57:33 +0100
Delivery-date: Mon, 15 Dec 2003 16:58:08 +0100
Envelope-to: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Advisory von Mandrakesoft Security
ueber Sicherheitsprobleme bei Net-SNMP. Wir geben diese Informationen
unveraendert an Sie weiter.

Diese Schwachstelle ist bereits in dem Advisory RHSA-2003:335-01 von
Red Hat beschrieben worden:

CAN-2003-0935:

  Durch einen Fehler in der Implementierung der Net-SNMP Werkzeuge
  kann ein bestehender User Zugang zu MIB Objekten der Datenbank
  bekommen, obwohl ihm dieser in der Konfiguration explizit verwehrt
  wurde.

Welche Versionen von Mandrake Linux betroffen sind, entnehmen sie
bitte dem angefuegten Advisory.

(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.

Mit freundlichen Gruessen,

    Jan Kohlrausch
- -- 
Jan Kohlrausch     |             mailto:kohlrausch@xxxxxxxxxxx
DFN-CERT GmbH      |   http://www.cert.dfn.de/team/kohlrausch/
Heidenkampsweg 41  |                 Phone: +49(40) 808077 555
D-20097 Hamburg    |                   FAX: +49(40) 808077 556
Germany            |                     PGP-KeyID: 0xA5DD03D1
PGP-Key Fingerprint:  A255 1C51 0A30 3E78  5B40 DAB7 14F7 C9E8



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           net-snmp
 Advisory ID:            MDKSA-2003:115
 Date:                   December 11th, 2003

 Affected versions:	 9.1, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an
 existing user/community to gain access to data in MIB objects that
 were explicitly excluded from their view.
 
 The updated packages provide Net-SNMP version 5.0.9 which is not
 vulnerable to this issue and also fixes a number of other smaller
 bugs.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0935
  http://sourceforge.net/forum/forum.php?forum_id=308015
 ______________________________________________________________________

 Updated Packages:
  
 Mandrake Linux 9.1:
 a7814254e6cdf2d30e2cb9df1f5d2111  9.1/RPMS/libnet-snmp50-5.0.9-1.1.91mdk.i586.rpm
 94f6be73d689bfacdc36f7d777b4b104  9.1/RPMS/libnet-snmp50-devel-5.0.9-1.1.91mdk.i586.rpm
 430a01427c358e191ff4684bd8b554e4  9.1/RPMS/libnet-snmp50-static-devel-5.0.9-1.1.91mdk.i586.rpm
 b20dd994f8674d07b2072fc29c9fa2ca  9.1/RPMS/net-snmp-5.0.9-1.1.91mdk.i586.rpm
 89ccb6dedaf1909aac3ec74569e97336  9.1/RPMS/net-snmp-mibs-5.0.9-1.1.91mdk.i586.rpm
 929f3dd50d536bffc799be385a4ae059  9.1/RPMS/net-snmp-trapd-5.0.9-1.1.91mdk.i586.rpm
 1bedb204ed5022ef03d149b27e4f10e6  9.1/RPMS/net-snmp-utils-5.0.9-1.1.91mdk.i586.rpm
 1d1c04cf98bdd6331c30bf2343ab5055  9.1/SRPMS/net-snmp-5.0.9-1.1.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 5e1314be52c4ff9371d601dc8fc28b45  ppc/9.1/RPMS/libnet-snmp50-5.0.9-1.1.91mdk.ppc.rpm
 c8428fc1baa7946710f55b4fb426a988  ppc/9.1/RPMS/libnet-snmp50-devel-5.0.9-1.1.91mdk.ppc.rpm
 a87b98b1104a746f2ef7ce9cc766ac60  ppc/9.1/RPMS/libnet-snmp50-static-devel-5.0.9-1.1.91mdk.ppc.rpm
 8c7c7defcc219dda2794da567086de24  ppc/9.1/RPMS/net-snmp-5.0.9-1.1.91mdk.ppc.rpm
 72d8dd8b71e93bcc281e3056f199ab70  ppc/9.1/RPMS/net-snmp-mibs-5.0.9-1.1.91mdk.ppc.rpm
 cdd0a5cd9efb705df988ddcc85e52499  ppc/9.1/RPMS/net-snmp-trapd-5.0.9-1.1.91mdk.ppc.rpm
 2e0bdfc2e5384c92bb5d6b2cc4419b76  ppc/9.1/RPMS/net-snmp-utils-5.0.9-1.1.91mdk.ppc.rpm
 1d1c04cf98bdd6331c30bf2343ab5055  ppc/9.1/SRPMS/net-snmp-5.0.9-1.1.91mdk.src.rpm

 Mandrake Linux 9.2:
 5d28838d19980d8177c7e1146bcbde35  9.2/RPMS/libnet-snmp50-5.0.9-7.1.92mdk.i586.rpm
 00f16743798e4746869bf7d781126ba9  9.2/RPMS/libnet-snmp50-devel-5.0.9-7.1.92mdk.i586.rpm
 ab062cf4ba39d90bd4c931716d41778c  9.2/RPMS/libnet-snmp50-static-devel-5.0.9-7.1.92mdk.i586.rpm
 834189f2970ca25900b38e3d298274a2  9.2/RPMS/net-snmp-5.0.9-7.1.92mdk.i586.rpm
 08423d5dfb0a95506c64ff30f8cc2af4  9.2/RPMS/net-snmp-mibs-5.0.9-7.1.92mdk.i586.rpm
 622f36315b5cc571de0dfd4b7ce56a74  9.2/RPMS/net-snmp-trapd-5.0.9-7.1.92mdk.i586.rpm
 369c61cc14bf6d6328b5be44be3fda8f  9.2/RPMS/net-snmp-utils-5.0.9-7.1.92mdk.i586.rpm
 69c891fa5ca7f48b527defa59f9dc305  9.2/SRPMS/net-snmp-5.0.9-7.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/2bPOmqjQ0CJFipgRAjWaAJ9ehRhlZjOvodNRHCdfShtoWV20/QCgqHN4
G2Ina54x2GX+mZfjS4Kmfzg=
=uoUb
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iQEVAwUBP93Z6eI9ttyl3QPRAQEpRQf+Kuao64Q7JRXQmCR/BawROq0qrJoRO5nM
bFCyyx+HEa+HYuhzICbBA55SIwuP5lZ075Gxr02r+sIrnh4Dheaa+L3QZqfoxp7X
BLNVi2L5wgwgU4XiF4pDSb7zADvAgxEHxufFKgHjkg79IKDBRKDxYYeNfYaKSGkx
Bub11SdB5VOOqi2DKeJOMhrXSauaYi9n8yGiY/jzx7hMueA81UQLopW6gdiM0FaI
2EGzPBTgiV04Q5uM1A7aXtLySFCi24JECMk8Qdz0dFjnDUCxQHQ32ABfVs/iLL5c
KkZknM5zpyZQQrCKXed/+QlZ0gv7zP3Onj8N+UJbyPMtX2d64jXh2w==
=nkyJ
-----END PGP SIGNATURE-----
Prev by Date: [Cisco] Buffer Overflow in ACNS
Next by Date: [SuSE] Schwachstelle in lftp - SuSE-SA:2003:051
Previous by thread: [Cisco] Buffer Overflow in ACNS
Next by thread: [SuSE] Schwachstelle in lftp - SuSE-SA:2003:051
Index(es):
- Date
- Thread