| Description: | Description:
The remote host is missing an update to net-snmp
announced via advisory FEDORA-2005-561.
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.
Building option:
--without tcp_wrappers : disable tcp_wrappers support
Update Information:
A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agents which
have opened a stream based protocol (EG, TCP but not UDP
it should be
noted that Net-SNMP does not by default open a TCP port).
http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
* Wed Jul 13 2005 Radek Vokal - 5.2.1.2-fc4.1
- CVE-2005-2177 new upstream version fixing DoS (#162908)
* Tue May 31 2005 Radek Vokal - 5.2.1-13
- CVE-2005-1740 net-snmp insecure temporary file usage (#158770)
- patch from suse.de
Solution: Apply the appropriate updates.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-561
Risk factor : Critical
CVSS Score:
10.0
|
