RHSA-2005:720 - Security Advisory

Topic

Updated ucd-snmp packages that a security issue are now available for Red
Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

SNMP (Simple Network Management Protocol) is a protocol used for network
management.

A denial of service bug was found in the way ucd-snmp uses network stream
protocols. A remote attacker could send a ucd-snmp agent a specially
crafted packet which will cause the agent to crash. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-2177 to
this issue.

All users of ucd-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

• BZ - 162909 - CAN-2005-2177 net-snmp denial of service

CVEs

• CVE-2005-2177

References

(none)