Security Advisory Moderate: net-snmp security update

Advisory: RHSA-2009:1124-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-25
Last updated on: 2009-06-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20091124.xml
CVEs (cve.mitre.org): CVE-2009-1887

Details

Updated net-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker
could issue a specially-crafted GETBULK request that could crash the snmpd
daemon. (CVE-2009-1887)

Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
"public" grants read-only access. In production deployments, it is
recommended to change this default community name.
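
A configuration check for the note above, as an added example that is not part of the Red Hat advisory: it lists active snmpd.conf directives that still use the community name "public". The function name and the sample configuration are constructed for illustration, and /etc/snmp/snmpd.conf is assumed to be the file you would normally pass.

```shell
#!/bin/sh
# Added example (not from the advisory): find snmpd.conf directives that
# still grant access through the default community name "public".

# find_public_community FILE
# Prints "LINE: DIRECTIVE (source SOURCE)" for every active directive whose
# community string is exactly "public". Returns 1 if any were found, else 0.
find_public_community() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            directive = $1; source = "default"
            if (directive ~ /^r[ow]community6?$/) {
                # rocommunity COMMUNITY [SOURCE [OID]]
                community = $2
                if (NF >= 3) source = $3
            } else if (directive ~ /^com2sec6?$/) {
                # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
                i = 2
                if ($i == "-Cn") i += 2
                source = $(i + 1); community = $(i + 2)
            } else {
                next
            }
            gsub(/^["\047]|["\047]$/, "", community)   # drop surrounding quotes
            if (community == "public") {
                printf "%d: %s (source %s)\n", NR, directive, source
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample configuration, written to a temporary file for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#rocommunity public
com2sec notConfigUser default public
rocommunity monitoring-ro 192.0.2.10
EOF
find_public_community "$sample" || echo "default community name is still in use"
rm -f "$sample"
```

On a real host, call `find_public_community /etc/snmp/snmpd.conf`; a non-zero return means at least one directive still needs its community name changed.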

All net-snmp users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
snmpd and snmptrapd daemons will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
net-snmp-5.0.9-2.30E.28.src.rpm     6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
net-snmp-5.0.9-2.30E.28.i386.rpm     44060ca01cf9024b9ee00adc236f4003
net-snmp-devel-5.0.9-2.30E.28.i386.rpm     9efbe72b1a6b8ae12f6f9a13b514039b
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-perl-5.0.9-2.30E.28.i386.rpm     c6f12a971e34afac9fcbf17e8a6c832a
net-snmp-utils-5.0.9-2.30E.28.i386.rpm     b1dd64f73ecf0a17600a36f55265aae5
 
x86_64:
net-snmp-5.0.9-2.30E.28.x86_64.rpm     bbb5f988c8f0653ef1dcf0874e3e3c11
net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm     b2c19ac0b23d031b868bf44ac2a8f249
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm     b863fe363543af2e5455855194137e1e
net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm     9efbe703633cac965d488a61e5259a2d
net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm     2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
net-snmp-5.0.9-2.30E.28.src.rpm     6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
net-snmp-5.0.9-2.30E.28.i386.rpm     44060ca01cf9024b9ee00adc236f4003
net-snmp-devel-5.0.9-2.30E.28.i386.rpm     9efbe72b1a6b8ae12f6f9a13b514039b
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-perl-5.0.9-2.30E.28.i386.rpm     c6f12a971e34afac9fcbf17e8a6c832a
net-snmp-utils-5.0.9-2.30E.28.i386.rpm     b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
net-snmp-5.0.9-2.30E.28.ia64.rpm     2a2550228984ee690287695f7c2979f8
net-snmp-devel-5.0.9-2.30E.28.ia64.rpm     6d6c27693047233edaf4277976a5043f
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.ia64.rpm     4e4bf495029d7beb2f7503522aa8a5e5
net-snmp-perl-5.0.9-2.30E.28.ia64.rpm     0f78660d74d824f61ff1ab85482ec329
net-snmp-utils-5.0.9-2.30E.28.ia64.rpm     84d436f2e1dd253a3f6a9461a6c94705
 
PPC:
net-snmp-5.0.9-2.30E.28.ppc.rpm     98a8f804d297eb6997ab83c1108e3611
net-snmp-devel-5.0.9-2.30E.28.ppc.rpm     e57a0664ee5bb0b6e6f38675d4ff63ea
net-snmp-libs-5.0.9-2.30E.28.ppc.rpm     b026dd33f5128f33c8d488b7eec350f1
net-snmp-libs-5.0.9-2.30E.28.ppc64.rpm     581b4665422806e9d66e2afa4de99b19
net-snmp-perl-5.0.9-2.30E.28.ppc.rpm     e500c71eba5d0f613889e38eaa8c2cac
net-snmp-utils-5.0.9-2.30E.28.ppc.rpm     fe8b684301df9c0a28deb6a2aea00e46
 
s390:
net-snmp-5.0.9-2.30E.28.s390.rpm     c0c437c7222351147e982c18c00d89e2
net-snmp-devel-5.0.9-2.30E.28.s390.rpm     88a859c4141188ef65acedcf492daf0b
net-snmp-libs-5.0.9-2.30E.28.s390.rpm     7e6d433eafd9d5a475993042d32631cc
net-snmp-perl-5.0.9-2.30E.28.s390.rpm     205271c6e8b73a4b6a0cfbbfe7597a4d
net-snmp-utils-5.0.9-2.30E.28.s390.rpm     8f61e7125fc4b2d7584e33f093fa8990
 
s390x:
net-snmp-5.0.9-2.30E.28.s390x.rpm     f560f9fd7759c0692b49e455a53121fd
net-snmp-devel-5.0.9-2.30E.28.s390x.rpm     ac3d2e2666d1e128e3e87169c04c6dea
net-snmp-libs-5.0.9-2.30E.28.s390.rpm     7e6d433eafd9d5a475993042d32631cc
net-snmp-libs-5.0.9-2.30E.28.s390x.rpm     9d26720409dfd00f4b9a58daec223b9a
net-snmp-perl-5.0.9-2.30E.28.s390x.rpm     70f3edcea20627d467fa2e001fa5a387
net-snmp-utils-5.0.9-2.30E.28.s390x.rpm     42b41f064c0dcd727cb14183e8854b5d
 
x86_64:
net-snmp-5.0.9-2.30E.28.x86_64.rpm     bbb5f988c8f0653ef1dcf0874e3e3c11
net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm     b2c19ac0b23d031b868bf44ac2a8f249
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm     b863fe363543af2e5455855194137e1e
net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm     9efbe703633cac965d488a61e5259a2d
net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm     2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
net-snmp-5.0.9-2.30E.28.src.rpm     6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
net-snmp-5.0.9-2.30E.28.i386.rpm     44060ca01cf9024b9ee00adc236f4003
net-snmp-devel-5.0.9-2.30E.28.i386.rpm     9efbe72b1a6b8ae12f6f9a13b514039b
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-perl-5.0.9-2.30E.28.i386.rpm     c6f12a971e34afac9fcbf17e8a6c832a
net-snmp-utils-5.0.9-2.30E.28.i386.rpm     b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
net-snmp-5.0.9-2.30E.28.ia64.rpm     2a2550228984ee690287695f7c2979f8
net-snmp-devel-5.0.9-2.30E.28.ia64.rpm     6d6c27693047233edaf4277976a5043f
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.ia64.rpm     4e4bf495029d7beb2f7503522aa8a5e5
net-snmp-perl-5.0.9-2.30E.28.ia64.rpm     0f78660d74d824f61ff1ab85482ec329
net-snmp-utils-5.0.9-2.30E.28.ia64.rpm     84d436f2e1dd253a3f6a9461a6c94705
 
x86_64:
net-snmp-5.0.9-2.30E.28.x86_64.rpm     bbb5f988c8f0653ef1dcf0874e3e3c11
net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm     b2c19ac0b23d031b868bf44ac2a8f249
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm     b863fe363543af2e5455855194137e1e
net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm     9efbe703633cac965d488a61e5259a2d
net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm     2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
net-snmp-5.0.9-2.30E.28.src.rpm     6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
net-snmp-5.0.9-2.30E.28.i386.rpm     44060ca01cf9024b9ee00adc236f4003
net-snmp-devel-5.0.9-2.30E.28.i386.rpm     9efbe72b1a6b8ae12f6f9a13b514039b
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-perl-5.0.9-2.30E.28.i386.rpm     c6f12a971e34afac9fcbf17e8a6c832a
net-snmp-utils-5.0.9-2.30E.28.i386.rpm     b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
net-snmp-5.0.9-2.30E.28.ia64.rpm     2a2550228984ee690287695f7c2979f8
net-snmp-devel-5.0.9-2.30E.28.ia64.rpm     6d6c27693047233edaf4277976a5043f
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.ia64.rpm     4e4bf495029d7beb2f7503522aa8a5e5
net-snmp-perl-5.0.9-2.30E.28.ia64.rpm     0f78660d74d824f61ff1ab85482ec329
net-snmp-utils-5.0.9-2.30E.28.ia64.rpm     84d436f2e1dd253a3f6a9461a6c94705
 
x86_64:
net-snmp-5.0.9-2.30E.28.x86_64.rpm     bbb5f988c8f0653ef1dcf0874e3e3c11
net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm     b2c19ac0b23d031b868bf44ac2a8f249
net-snmp-libs-5.0.9-2.30E.28.i386.rpm     25496974328cbfb1e3c0e82be6cb8052
net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm     b863fe363543af2e5455855194137e1e
net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm     9efbe703633cac965d488a61e5259a2d
net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm     2a50fee0bfb6c519c29ad8a2cec270a6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

506903 - CVE-2009-1887 net-snmp: DoS (division by zero) via SNMP GetBulk requests


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/