
Test ID: 1.3.6.1.4.1.25623.1.0.60142
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-564-1 (net-snmp)
Summary: NOSUMMARY
Description:

The remote host is missing an update to net-snmp
announced via advisory USN-564-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Bill Trost discovered that snmpd did not properly limit GETBULK
requests. A remote attacker could specify a large number of
max-repetitions and cause a denial of service via resource
exhaustion.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
snmpd 5.2.1.2-4ubuntu2.2

Ubuntu 6.10:
snmpd 5.2.2-5ubuntu1.1

Ubuntu 7.04:
snmpd 5.2.3-4ubuntu1.1

Ubuntu 7.10:
snmpd 5.3.1-6ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-564-1

Risk factor: High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5846
1018918
http://www.securitytracker.com/id?1018918
20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
http://www.securityfocus.com/archive/1/490917/100/0/threaded
26378
http://www.securityfocus.com/bid/26378
27558
http://secunia.com/advisories/27558
27685
http://secunia.com/advisories/27685
27689
http://secunia.com/advisories/27689
27733
http://secunia.com/advisories/27733
27740
http://secunia.com/advisories/27740
27965
http://secunia.com/advisories/27965
28413
http://secunia.com/advisories/28413
28825
http://secunia.com/advisories/28825
29785
http://secunia.com/advisories/29785
38904
http://osvdb.org/38904
ADV-2007-3802
http://www.vupen.com/english/advisories/2007/3802
ADV-2008-1234
http://www.vupen.com/english/advisories/2008/1234/references
DSA-1483
http://www.debian.org/security/2008/dsa-1483
FEDORA-2007-3019
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00613.html
GLSA-200711-31
http://security.gentoo.org/glsa/glsa-200711-31.xml
MDKSA-2007:225
http://www.mandriva.com/security/advisories?name=MDKSA-2007:225
RHSA-2007:1045
http://www.redhat.com/support/errata/RHSA-2007-1045.html
SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
USN-564-1
http://www.ubuntu.com/usn/usn-564-1
[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
http://bugs.gentoo.org/show_bug.cgi?id=198346
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log
http://sourceforge.net/project/shownotes.php?release_id=528095&group_id=12694
http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
oval:org.mitre.oval:def:11258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11258
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
