Package : ucd-snmp
Problem type : remote exploit
CERT Advisory : CA-2002-03
The Secure Programming Group of Oulu University did a study on
SNMP implementations and uncovered multiple flaws which can
cause problems ranging from Denial of Service attacks to remote
New UCD-SNMP packages have been prepared to fix these problems
as well as a few others. The complete list of fixed problems is:
* When running external programs, snmpd used temporary files insecurely
* snmpd did not properly reset supplementary groups after changing
  its uid and gid
* Modified most code to use buffers instead of fixed-length strings to
  prevent buffer overflows
* The ASN.1 parser did not check for negative lengths
* The IFINDEX response handling in snmpnetstat did not do a sanity check
  on its input
(thanks to Caldera for most of the work on those patches)
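The negative-length check named in the list above, as an added example in C (not code from ucd-snmp or from the patches this advisory ships): a BER length decoder that rejects a length which would turn negative in a signed 32-bit int or run past the received packet. The function name ber_parse_length and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not ucd-snmp code). Decodes the BER length field at
 * buf[0..avail) into *out_len. Returns the octets consumed, or -1 when the
 * field is malformed or claims more content than the packet still holds. */
int ber_parse_length(const uint8_t *buf, size_t avail, size_t *out_len)
{
    if (buf == NULL || out_len == NULL || avail == 0)
        return -1;
    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {            /* short form: length 0..127 */
        if ((size_t)first > avail - 1)
            return -1;
        *out_len = first;
        return 1;
    }
    size_t n = first & 0x7f;              /* long form: n length octets follow */
    if (n == 0 || n > sizeof(uint32_t))   /* indefinite form, or too wide */
        return -1;
    if (n > avail - 1)                    /* length octets themselves truncated */
        return -1;
    uint32_t len = 0;
    for (size_t i = 0; i < n; i++)
        len = (len << 8) | buf[1 + i];
    /* 0x80000000 and above become negative once stored in a signed 32-bit
     * int, so an upper-bound check done on that int would not reject them. */
    if (len > (uint32_t)INT32_MAX)
        return -1;
    if ((size_t)len > avail - 1 - n)      /* content must fit in what remains */
        return -1;
    *out_len = (size_t)len;
    return 1 + (int)n;
}

int main(void)
{
    /* Constructed sample: long-form length 0xffffffff, no content. */
    const uint8_t bad[] = { 0x84, 0xff, 0xff, 0xff, 0xff };
    /* Constructed sample: long-form length 2 followed by two content octets. */
    const uint8_t ok[] = { 0x81, 0x02, 0xaa, 0xbb };
    size_t len = 0;
    printf("bad: %d\n", ber_parse_length(bad, sizeof bad, &len));
    int used = ber_parse_length(ok, sizeof ok, &len);
    printf("ok: consumed %d, length %zu\n", used, len);
    return 0;
}
```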
The new version is 4.1.1-2.1 and we recommend you upgrade your
snmp packages immediately.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.