Debian Security Advisory

DSA-111-1 ucd-snmp -- remote exploit

Date Reported:

14 Feb 2002

Affected Packages:

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2002-012, CVE-2002-013.
CERT's vulnerabilities, advisories and incident notes: VU#854306, VU#107186, CA-2002-03.

More information:

The Secure Programming Group of the Oulu University did a study on SNMP implementations and uncovered multiple problems which can cause problems ranging from Denial of Service attacks to remote exploits.

New UCD-SNMP packages have been prepared to fix these problems as well as a few others. The complete list of fixed problems is:

When running external programs snmpd used temporary files insecurely
snmpd did not properly reset supplementary groups after changing its uid and gid
Modified most code to use buffers instead of fixed-length strings to prevent buffer overflows
The ASN.1 parser did not check for negative lengths
The IFINDEX response handling in snmpnetstat did not do a sanity check on its input

(thanks to Caldera for most of the work on those patches)

The new version is 4.1.1-2.1 and we recommend you upgrade your snmp packages immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.diff.gz; http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.dsc; http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1.orig.tar.gz
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.2_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.2_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.2_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.2_alpha.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.2_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.2_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.2_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.2_arm.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.2_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1-dev_4.1.1-2.2_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1_4.1.1-2.2_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/snmp_4.1.1-2.2_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/snmpd_4.1.1-2.2_m68k.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1-dev_4.1.1-2.2_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1_4.1.1-2.2_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/snmp_4.1.1-2.2_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/snmpd_4.1.1-2.2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.