Package : ucd-snmp Problem type : remote exploit Debian-specific: no CERT Advisory : CA-2002-03
The Secure Programming Group of the Oulu University did a study on SNMP implementations and uncovered multiple problems which can cause problems ranging from Denial of Service attacks to remote exploits.
New UCD-SNMP packages have been prepared to fix these problems as well as a few others. The complete list of fixed problems is:
* When running external programs snmpd used temporary files insecurely * snmpd did not properly reset supplementary groups after changing its uid and gid * Modified most code to use buffers instead of fixed-length strings to prevent buffer overflows * The ASN.1 parser did not check for negative lengths * the IFINDEX response handling in snmpnetstat did not do a sanity check on its input
(thanks to Caldera for most of the work on those patches)
The new version is 4.1.1-2.1 and we recommend you upgrade your snmp packages immediately.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
Debian GNU/Linux 2.2 alias potato ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.