Package: ucd-snmp
Severity: critical
Tags: security patch
Hello
According to
http://online.securityfocus.com/bid/14168/references
other vendors also updated their ucd-snmp packages due to the recent
security bug in net-snmp (which was based upon ucd-snmp).
The patch that Conectiva used looks quite simple:
--- ucd-snmp-4.2.5/snmplib/snmp_api.c.DoS 2005-08-03 17:16:17.000000000
+0200
+++ ucd-snmp-4.2.5/snmplib/snmp_api.c 2005-08-03 17:22:12.000000000 +0200
@@ -4120,7 +4120,7 @@
else
isp->proper_len = asn_check_packet(isp->packet, isp->packet_len);
- if (isp->proper_len > MAX_PACKET_LENGTH) {
+ if (isp->proper_len > MAX_PACKET_LENGTH || isp->proper_len < 0) {
/* illegal length, drop the connection */
snmp_log(LOG_ERR,"Maximum packet size exceeded in a request.\n");
isp->sd = -1;
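Review bot: The widened condition on the `+` line now also drops packets with a negative isp->proper_len, but the snmp_log call below it still reports "Maximum packet size exceeded in a request.", which will mislead anyone reading the log when the length was actually negative. Consider a separate or more generic message such as "illegal packet length" for the < 0 case. The `isp->proper_len < 0` test also only works if proper_len is a signed type. Neither its declaration nor the return type of asn_check_packet is visible in this hunk, so confirm both, because with an unsigned field the new comparison would never be true.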
bye,
-christian-
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set
to [EMAIL PROTECTED])