Debian-Sicherheitsankündigung
DSA-1483-1 net-snmp -- Design-Fehler
- Datum des Berichts:
- 06. Feb 2008
- Betroffene Pakete:
- net-snmp
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In Mitres CVE-Verzeichnis: CVE-2007-5846.
- Weitere Informationen:
-
Der SNMP-Agent (snmp_agent.c) in net-snmp vor 5.4.1 ermöglicht entfernten Angreifern die Auslösung einer Diensteverweigerung (
denial of service
) (CPU- und Speicherbelegung) mittels einer GETBULK-Anfrage mit einem großenmax-repeaters
-Wert.Für die Stable-Distribution (Etch) wurde dieses Problem in Version 5.2.3-7etch2 behoben.
Für die Unstable- und Testing-Distribution (Sid bzw. Lenny) wurde dieses Problem in Version 5.4.1~dfsg-2 behoben.
Wir empfehlen Ihnen, Ihr net-snmp-Paket zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 4.0 (etch)
- Quellcode:
- http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.diff.gz
- http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.dsc
- http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.dsc
- Architektur-unabhängige Dateien:
- http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch2_all.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch2_all.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_alpha.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_alpha.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_alpha.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_alpha.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_alpha.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_amd64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_amd64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_amd64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_amd64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_amd64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_arm.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_arm.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_arm.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_arm.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_arm.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_i386.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_i386.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_i386.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_i386.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_i386.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_ia64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_ia64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_ia64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_ia64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_ia64.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mips.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mips.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mips.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mips.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mips.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_s390.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_s390.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_s390.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_s390.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_s390.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_sparc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_sparc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_sparc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_sparc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_sparc.deb
- http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.