Security Advisory Moderate: ucd-snmp security update

Advisory: RHSA-2008:0528-4
Type: Security Advisory
Severity: Moderate
Issued on: 2008-06-10
Last updated on: 2008-06-10
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2008-0960

Details

Updated ucd-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A flaw was found in the way ucd-snmp checked an SNMPv3 packet's Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet. (CVE-2008-0960)
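
As an added illustration (not ucd-snmp source and not Red Hat's backported patch): the public CVE-2008-0960 description attributes the flaw to trusting the HMAC length supplied in the packet. The Python example below contrasts that pattern with a strict check of the 12-octet HMAC-MD5-96 value defined in RFC 3414; the function names, key and message are constructed for the example.

```python
import hashlib
import hmac

AUTH_LEN = 12  # RFC 3414: HMAC-MD5-96 keeps the first 12 octets of the digest


def expected_mac(auth_key: bytes, msg_zeroed: bytes) -> bytes:
    """HMAC-MD5-96 over the message whose auth field is set to 12 zero octets."""
    return hmac.new(auth_key, msg_zeroed, hashlib.md5).digest()[:AUTH_LEN]


def verify_trusting_length(auth_key: bytes, msg_zeroed: bytes, received: bytes) -> bool:
    """Flawed pattern: compares only as many octets as the sender supplied."""
    want = expected_mac(auth_key, msg_zeroed)
    return len(received) > 0 and hmac.compare_digest(want[:len(received)], received)


def verify_strict(auth_key: bytes, msg_zeroed: bytes, received: bytes) -> bool:
    """Hardened pattern: reject any field that is not exactly 12 octets,
    then compare the full value in constant time."""
    if len(received) != AUTH_LEN:
        return False
    return hmac.compare_digest(expected_mac(auth_key, msg_zeroed), received)


# Constructed sample values (not taken from any real device or capture).
KEY = bytes(range(16))  # stand-in for a localized authentication key
MSG = b"constructed-snmpv3-message" + bytes(AUTH_LEN)

if __name__ == "__main__":
    full = expected_mac(KEY, MSG)
    for label, field in (("full 12 octets", full), ("1-octet prefix", full[:1])):
        print(label,
              "length-trusting:", verify_trusting_length(KEY, MSG, field),
              "strict:", verify_strict(KEY, MSG, field))
```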

All users of ucd-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/SRPMS/ucd-snmp-4.2.5-8.AS21.7.src.rpm
    MD5: 96105b05795d204e452417eb0c61f119
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/i386/ucd-snmp-4.2.5-8.AS21.7.i386.rpm
    MD5: fddcac555f2645d789fb63753cb1e04d
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-devel/4.2.5-8.AS21.7/i386/ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm
    MD5: 322e16f8f1f6be4aacc4e2ce0e44857b
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-utils/4.2.5-8.AS21.7/i386/ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm
    MD5: 79aa8b7dc4b23f9258764b8d2c2c0111
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/ia64/ucd-snmp-4.2.5-8.AS21.7.ia64.rpm
    MD5: 06c86ec94ca74dbdc89c03f5942e947b
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-devel/4.2.5-8.AS21.7/ia64/ucd-snmp-devel-4.2.5-8.AS21.7.ia64.rpm
    MD5: 3591872f1f04595229b38bc0f266599c
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-utils/4.2.5-8.AS21.7/ia64/ucd-snmp-utils-4.2.5-8.AS21.7.ia64.rpm
    MD5: 9bbefaebb1b8232d8e80754f7ca5c882
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/SRPMS/ucd-snmp-4.2.5-8.AS21.7.src.rpm
    MD5: 96105b05795d204e452417eb0c61f119
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/i386/ucd-snmp-4.2.5-8.AS21.7.i386.rpm
    MD5: fddcac555f2645d789fb63753cb1e04d
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-devel/4.2.5-8.AS21.7/i386/ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm
    MD5: 322e16f8f1f6be4aacc4e2ce0e44857b
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-utils/4.2.5-8.AS21.7/i386/ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm
    MD5: 79aa8b7dc4b23f9258764b8d2c2c0111
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/SRPMS/ucd-snmp-4.2.5-8.AS21.7.src.rpm
    MD5: 96105b05795d204e452417eb0c61f119
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/i386/ucd-snmp-4.2.5-8.AS21.7.i386.rpm
    MD5: fddcac555f2645d789fb63753cb1e04d
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-devel/4.2.5-8.AS21.7/i386/ucd-snmp-devel-4.2.5-8.AS21.7.i386.rpm
    MD5: 322e16f8f1f6be4aacc4e2ce0e44857b
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-utils/4.2.5-8.AS21.7/i386/ucd-snmp-utils-4.2.5-8.AS21.7.i386.rpm
    MD5: 79aa8b7dc4b23f9258764b8d2c2c0111
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/SRPMS/ucd-snmp-4.2.5-8.AS21.7.src.rpm
    MD5: 96105b05795d204e452417eb0c61f119
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp/4.2.5-8.AS21.7/ia64/ucd-snmp-4.2.5-8.AS21.7.ia64.rpm
    MD5: 06c86ec94ca74dbdc89c03f5942e947b
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-devel/4.2.5-8.AS21.7/ia64/ucd-snmp-devel-4.2.5-8.AS21.7.ia64.rpm
    MD5: 3591872f1f04595229b38bc0f266599c
ftp://updates.redhat.com/rhn/public/NULL/ucd-snmp-utils/4.2.5-8.AS21.7/ia64/ucd-snmp-utils-4.2.5-8.AS21.7.ia64.rpm
    MD5: 9bbefaebb1b8232d8e80754f7ca5c882
 

Bugs fixed (see bugzilla for more information)

447974 - CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/