Vulnerability Bulletins |
Vulnerabilidad en las versiones anteriores a la 5.0.9 de Net-SNMP |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Confidencialidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Net-SNMP< Net-SNMP 5.0.9 |
Description |
|
|
Se ha descubierto una vulnerabilidad en el paquete Net-SNMP (versiones anteriores a la 5.0.9 ) en sistemas Linux. La explotación de esta vulnerabilidad puede permitir que un atacante remoto consiga información sobre el sistema. Net-SNMP (formalmente conocido como "ucd-snmp") es una implementación Open Source de la herramienta SNMP y es usada en la mayoría de las distribuciones Linux. |
|
Solution |
|
|
1.-Actualizar Net-SNMP con la versión 5.0.9 Net-SNMP http://sourceforge.net/forum/forum.php?forum_id=308015 2 - Aplicar los parches para Linux Linux RedHat 8.0 i386 : net-snmp-5.0.9-2.80.1.i386.rpm net-snmp-devel-5.0.9-2.80.1.i386.rpm net-snmp-perl-5.0.9-2.80.1.i386.rpm net-snmp-utils-5.0.9-2.80.1.i386.rpm ftp://updates.redhat.com/8.0/en/os/ Linux RedHat 9 i386 : net-snmp-5.0.9-2.90.1.i386.rpm net-snmp-devel-5.0.9-2.90.1.i386.rpm net-snmp-perl-5.0.9-2.90.1.i386.rpm net-snmp-utils-5.0.9-2.90.1.i386.rpm ftp://updates.redhat.com/9/en/os/ Mandrake Mandrake Linux 9.1 9.1/RPMS/libnet-snmp50-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/libnet-snmp50-devel-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/libnet-snmp50-static-devel-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/net-snmp-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/net-snmp-mibs-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/net-snmp-trapd-5.0.9-1.1.91mdk.i586.rpm 9.1/RPMS/net-snmp-utils-5.0.9-1.1.91mdk.i586.rpm Mandrake Linux 9.1/PPC ppc/9.1/RPMS/libnet-snmp50-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/libnet-snmp50-devel-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/libnet-snmp50-static-devel-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/net-snmp-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/net-snmp-mibs-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/net-snmp-trapd-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/RPMS/net-snmp-utils-5.0.9-1.1.91mdk.ppc.rpm ppc/9.1/SRPMS/net-snmp-5.0.9-1.1.91mdk.src.rpm ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates Mandrake Linux 9.2 9.2/RPMS/libnet-snmp50-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/libnet-snmp50-devel-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/libnet-snmp50-static-devel-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/net-snmp-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/net-snmp-mibs-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/net-snmp-trapd-5.0.9-7.1.92mdk.i586.rpm 9.2/RPMS/net-snmp-utils-5.0.9-7.1.92mdk.i586.rpm 9.2/SRPMS/net-snmp-5.0.9-7.1.92mdk.src.rpm ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2003-0935 |
| BID | |
Other resources |
|
|
Linux RedHat security advisory RHSA-2003-335-01 http://www.redhat.com/archives/redhat-watch-list/2003-December/msg00001.html Linux Mandrake security advisory MDKSA-2003:115 dated December 11, 2003 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:115 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-12-05 |