| Description: | Description:
The remote host is missing an update to net-snmp
announced via advisory FEDORA-2008-9367.
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.
Building option:
--without tcp_wrappers : disable tcp_wrappers support
ChangeLog:
* Tue Jul 22 2008 Jan Safranek 5.4.1-19
- fix perl SNMP::Session::set (#452131)
- support interface names longer than 8 characters (#468045)
- explicitly require the right version and release of net-snmp and
net-snmp-libs
- fix CVE-2008-4309
* Tue Jun 10 2008 Jan Safranek 5.4.1-18
- explicitly require lm_sensor > 3 for build (#442718)
- fix various flaws (CVE-2008-2292 CVE-2008-0960)
References:
[ 1 ] Bug #469349 - CVE-2008-4309 net-snmp: numresponses calculation integer overflow in snmp_agent.c
https://bugzilla.redhat.com/show_bug.cgi?id=469349
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update net-snmp' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9367
Risk factor : Critical
CVSS Score:
10.0
|
