Security Advisory Moderate: ucd-snmp security update

Advisory: RHSA-2008:0528-4
Type: Security Advisory
Severity: Moderate
Issued on: 2008-06-10
Last updated on: 2008-06-10
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-0960

Details

Updated ucd-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet. (CVE-2008-0960)

All users of ucd-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
ucd-snmp-4.2.5-8.AS21.7.src.rpm     96105b05795d204e452417eb0c61f119
 
IA-32:
ucd-snmp-4.2.5-8.AS21.7.i386.rpm     fddcac555f2645d789fb63753cb1e04d
ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm     322e16f8f1f6be4aacc4e2ce0e44857b
ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm     79aa8b7dc4b23f9258764b8d2c2c0111
 
IA-64:
ucd-snmp-4.2.5-8.AS21.7.ia64.rpm     06c86ec94ca74dbdc89c03f5942e947b
ucd-snmp-devel-4.2.5-8.AS21.7.ia64.rpm     3591872f1f04595229b38bc0f266599c
ucd-snmp-utils-4.2.5-8.AS21.7.ia64.rpm     9bbefaebb1b8232d8e80754f7ca5c882
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
ucd-snmp-4.2.5-8.AS21.7.src.rpm     96105b05795d204e452417eb0c61f119
 
IA-32:
ucd-snmp-4.2.5-8.AS21.7.i386.rpm     fddcac555f2645d789fb63753cb1e04d
ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm     322e16f8f1f6be4aacc4e2ce0e44857b
ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm     79aa8b7dc4b23f9258764b8d2c2c0111
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
ucd-snmp-4.2.5-8.AS21.7.src.rpm     96105b05795d204e452417eb0c61f119
 
IA-32:
ucd-snmp-4.2.5-8.AS21.7.i386.rpm     fddcac555f2645d789fb63753cb1e04d
ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm     322e16f8f1f6be4aacc4e2ce0e44857b
ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm     79aa8b7dc4b23f9258764b8d2c2c0111
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
ucd-snmp-4.2.5-8.AS21.7.src.rpm     96105b05795d204e452417eb0c61f119
 
IA-64:
ucd-snmp-4.2.5-8.AS21.7.ia64.rpm     06c86ec94ca74dbdc89c03f5942e947b
ucd-snmp-devel-4.2.5-8.AS21.7.ia64.rpm     3591872f1f04595229b38bc0f266599c
ucd-snmp-utils-4.2.5-8.AS21.7.ia64.rpm     9bbefaebb1b8232d8e80754f7ca5c882
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

447974 - CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/