Denial of Service-Attacke gegen net-snmp
ID: | |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Di, 15. Oktober 2002, 13:00 |
Referenzen: | Keine Angabe |
Applikationen: | Net-SNMP |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT -------------------------------------------------------------------- PACKAGE :net-snmp SUMMARY :Denial of service DATE :2002-10-14 08:00 UTC -------------------------------------------------------------------- The SNMP daemon included in the Net-SNMP package can be crashed if it attempts to process a specially crafted packet. Exploitation requires foreknowledge of a known SNMP community string (either read or read/write). This issue potentially affects any Net-SNMP installation in which the "public" read-only community string has not been changed. Read the full advisory at http://www.idefense.com/advisory/10.02.02.txt SOLUTION It is recommended that all Gentoo Linux users who are running net-analyzer/net-snmp-5.0.2a and earlier update their systems as follows: emerge rsync emerge net-snmp emerge clean -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9qnpxfT7nyhUpoZMRAr8VAJ9NwwO9ymOe6V66qGre6wdnJ2kOTACgulqf CKtVjHMlHd5/lFs31IBCyno= =KVPU -----END PGP SIGNATURE----- _______________________________________________ gentoo-announce mailing list gentoo-announce@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-announce _______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security |