Rapid7 Vulnerability & Exploit Database

RHSA-2001:163: Updated ucd-snmp packages available




Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.2. These packages prevent possible denial of service attacks and security breaches as discovered by the Oulu University Secure Programming Group.

The Simple Network Management Protocol (SNMP) enables monitoring and configuration of network nodes. The Oulu University Secure Programming Group performed a vulnerability assessment of various SNMP implementations through syntax testing and test-suite creation. The test-suite showed several failures in the ucd-snmp tools in version 4.2.2 and earlier. These vulnerabilities can cause denial-of-service conditions, service interruptions, and in some cases could result in a remote security breach.

Updated ucd-snmp packages are provided that are not susceptible to these vulnerabilities and which pass all tests of the test-suite successfully. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2002-0012 and CAN-2002-0013 to these issues.

All users of ucd-snmp should upgrade to these errata packages. For Red Hat Linux 7.2, updated packages for ethereal (a network traffic analyser that makes use of ucd-snmp) are directly available via this errata as well. For all previous versions of Red Hat Linux, a separate powertools errata will provide updated ethereal packages.


  • redhat-upgrade-ethereal
  • redhat-upgrade-ethereal-gnome
  • redhat-upgrade-ucd-snmp
  • redhat-upgrade-ucd-snmp-devel
  • redhat-upgrade-ucd-snmp-utils
