Debian Security Advisory

DSA-111-1 ucd-snmp -- remote exploit

Date Reported:
14 Feb 2002
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2002-012, CVE-2002-013.
CERT's vulnerabilities, advisories and incident notes: VU#854306, VU#107186, CA-2002-03.
More information:

The Secure Programming Group of the Oulu University did a study on SNMP implementations and uncovered multiple problems which can cause problems ranging from Denial of Service attacks to remote exploits.

New UCD-SNMP packages have been prepared to fix these problems as well as a few others. The complete list of fixed problems is:

  • When running external programs snmpd used temporary files insecurely
  • snmpd did not properly reset supplementary groups after changing its uid and gid
  • Modified most code to use buffers instead of fixed-length strings to prevent buffer overflows
  • The ASN.1 parser did not check for negative lengths
  • The IFINDEX response handling in snmpnetstat did not do a sanity check on its input

(thanks to Caldera for most of the work on those patches)

The new version is 4.1.1-2.1 and we recommend you upgrade your snmp packages immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Intel IA-32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.