Skip to navigation

Security Advisory Moderate: net-snmp security update

Advisory: RHSA-2009:1124-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-25
Last updated on: 2009-06-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2009-1887

Details

Updated net-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker
could issue a specially-crafted GETBULK request that could crash the snmpd
daemon. (CVE-2009-1887)

Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
"public" grants read-only access. In production deployments, it is
recommended to change this default community name.

All net-snmp users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
snmpd and snmptrapd daemons will be restarted automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/SRPMS/net-snmp-5.0.9-2.30E.28.src.rpm
Missing file		     MD5: 6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/i386/net-snmp-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 44060ca01cf9024b9ee00adc236f4003
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/i386/net-snmp-devel-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 9efbe72b1a6b8ae12f6f9a13b514039b
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/i386/net-snmp-perl-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: c6f12a971e34afac9fcbf17e8a6c832a
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/i386/net-snmp-utils-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: b1dd64f73ecf0a17600a36f55265aae5
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/x86_64/net-snmp-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: bbb5f988c8f0653ef1dcf0874e3e3c11
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/x86_64/net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b2c19ac0b23d031b868bf44ac2a8f249
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/x86_64/net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b863fe363543af2e5455855194137e1e
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/x86_64/net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 9efbe703633cac965d488a61e5259a2d
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/x86_64/net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/SRPMS/net-snmp-5.0.9-2.30E.28.src.rpm
Missing file		     MD5: 6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/i386/net-snmp-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 44060ca01cf9024b9ee00adc236f4003
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/i386/net-snmp-devel-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 9efbe72b1a6b8ae12f6f9a13b514039b
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/i386/net-snmp-perl-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: c6f12a971e34afac9fcbf17e8a6c832a
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/i386/net-snmp-utils-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/ia64/net-snmp-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 2a2550228984ee690287695f7c2979f8
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/ia64/net-snmp-devel-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 6d6c27693047233edaf4277976a5043f
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/ia64/net-snmp-libs-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 4e4bf495029d7beb2f7503522aa8a5e5
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/ia64/net-snmp-perl-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 0f78660d74d824f61ff1ab85482ec329
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/ia64/net-snmp-utils-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 84d436f2e1dd253a3f6a9461a6c94705
 
PPC:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/ppc/net-snmp-5.0.9-2.30E.28.ppc.rpm
Missing file		     MD5: 98a8f804d297eb6997ab83c1108e3611
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/ppc/net-snmp-devel-5.0.9-2.30E.28.ppc.rpm
Missing file		     MD5: e57a0664ee5bb0b6e6f38675d4ff63ea
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/ppc/net-snmp-libs-5.0.9-2.30E.28.ppc.rpm
Missing file		     MD5: b026dd33f5128f33c8d488b7eec350f1
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/ppc64/net-snmp-libs-5.0.9-2.30E.28.ppc64.rpm
Missing file		     MD5: 581b4665422806e9d66e2afa4de99b19
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/ppc/net-snmp-perl-5.0.9-2.30E.28.ppc.rpm
Missing file		     MD5: e500c71eba5d0f613889e38eaa8c2cac
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/ppc/net-snmp-utils-5.0.9-2.30E.28.ppc.rpm
Missing file		     MD5: fe8b684301df9c0a28deb6a2aea00e46
 
s390:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/s390/net-snmp-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: c0c437c7222351147e982c18c00d89e2
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/s390/net-snmp-devel-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: 88a859c4141188ef65acedcf492daf0b
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/s390/net-snmp-libs-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: 7e6d433eafd9d5a475993042d32631cc
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/s390/net-snmp-perl-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: 205271c6e8b73a4b6a0cfbbfe7597a4d
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/s390/net-snmp-utils-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: 8f61e7125fc4b2d7584e33f093fa8990
 
s390x:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/s390x/net-snmp-5.0.9-2.30E.28.s390x.rpm
Missing file		     MD5: f560f9fd7759c0692b49e455a53121fd
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/s390x/net-snmp-devel-5.0.9-2.30E.28.s390x.rpm
Missing file		     MD5: ac3d2e2666d1e128e3e87169c04c6dea
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/s390/net-snmp-libs-5.0.9-2.30E.28.s390.rpm
Missing file		     MD5: 7e6d433eafd9d5a475993042d32631cc
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/s390x/net-snmp-libs-5.0.9-2.30E.28.s390x.rpm
Missing file		     MD5: 9d26720409dfd00f4b9a58daec223b9a
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/s390x/net-snmp-perl-5.0.9-2.30E.28.s390x.rpm
Missing file		     MD5: 70f3edcea20627d467fa2e001fa5a387
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/s390x/net-snmp-utils-5.0.9-2.30E.28.s390x.rpm
Missing file		     MD5: 42b41f064c0dcd727cb14183e8854b5d
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/x86_64/net-snmp-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: bbb5f988c8f0653ef1dcf0874e3e3c11
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/x86_64/net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b2c19ac0b23d031b868bf44ac2a8f249
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/x86_64/net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b863fe363543af2e5455855194137e1e
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/x86_64/net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 9efbe703633cac965d488a61e5259a2d
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/x86_64/net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/SRPMS/net-snmp-5.0.9-2.30E.28.src.rpm
Missing file		     MD5: 6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/i386/net-snmp-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 44060ca01cf9024b9ee00adc236f4003
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/i386/net-snmp-devel-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 9efbe72b1a6b8ae12f6f9a13b514039b
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/i386/net-snmp-perl-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: c6f12a971e34afac9fcbf17e8a6c832a
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/i386/net-snmp-utils-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/ia64/net-snmp-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 2a2550228984ee690287695f7c2979f8
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/ia64/net-snmp-devel-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 6d6c27693047233edaf4277976a5043f
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/ia64/net-snmp-libs-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 4e4bf495029d7beb2f7503522aa8a5e5
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/ia64/net-snmp-perl-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 0f78660d74d824f61ff1ab85482ec329
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/ia64/net-snmp-utils-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 84d436f2e1dd253a3f6a9461a6c94705
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/x86_64/net-snmp-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: bbb5f988c8f0653ef1dcf0874e3e3c11
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/x86_64/net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b2c19ac0b23d031b868bf44ac2a8f249
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/x86_64/net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b863fe363543af2e5455855194137e1e
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/x86_64/net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 9efbe703633cac965d488a61e5259a2d
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/x86_64/net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 2a50fee0bfb6c519c29ad8a2cec270a6
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/SRPMS/net-snmp-5.0.9-2.30E.28.src.rpm
Missing file		     MD5: 6d1cc8434b5c7f65386eb736d5aa26af
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/i386/net-snmp-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 44060ca01cf9024b9ee00adc236f4003
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/i386/net-snmp-devel-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 9efbe72b1a6b8ae12f6f9a13b514039b
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/i386/net-snmp-perl-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: c6f12a971e34afac9fcbf17e8a6c832a
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/i386/net-snmp-utils-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: b1dd64f73ecf0a17600a36f55265aae5
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/ia64/net-snmp-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 2a2550228984ee690287695f7c2979f8
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/ia64/net-snmp-devel-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 6d6c27693047233edaf4277976a5043f
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/ia64/net-snmp-libs-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 4e4bf495029d7beb2f7503522aa8a5e5
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/ia64/net-snmp-perl-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 0f78660d74d824f61ff1ab85482ec329
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/ia64/net-snmp-utils-5.0.9-2.30E.28.ia64.rpm
Missing file		     MD5: 84d436f2e1dd253a3f6a9461a6c94705
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/net-snmp/5.0.9-2.30E.28/x86_64/net-snmp-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: bbb5f988c8f0653ef1dcf0874e3e3c11
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-devel/5.0.9-2.30E.28/x86_64/net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b2c19ac0b23d031b868bf44ac2a8f249
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/i386/net-snmp-libs-5.0.9-2.30E.28.i386.rpm
Missing file		     MD5: 25496974328cbfb1e3c0e82be6cb8052
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-libs/5.0.9-2.30E.28/x86_64/net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: b863fe363543af2e5455855194137e1e
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-perl/5.0.9-2.30E.28/x86_64/net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 9efbe703633cac965d488a61e5259a2d
ftp://updates.redhat.com/rhn/public/NULL/net-snmp-utils/5.0.9-2.30E.28/x86_64/net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm
Missing file		     MD5: 2a50fee0bfb6c519c29ad8a2cec270a6
 

Bugs fixed (see bugzilla for more information)

506903 - CVE-2009-1887 net-snmp: DoS (division by zero) via SNMP GetBulk requests


References

https://www.redhat.com/security/data/cve/CVE-2009-1887.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/