GLSA: net-snmp

From: Daniel Ahlberg (alizat_private)
Date: Mon Oct 14 2002 - 01:04:02 PDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT
    - - --------------------------------------------------------------------
    
    PACKAGE        :net-snmp
    SUMMARY        :Denial of service
    DATE           :2002-10-14 08:00 UTC
    
    - - --------------------------------------------------------------------
    
    The SNMP daemon included in the Net-SNMP package can be crashed 
    if it attempts to process a specially crafted packet. Exploitation
    requires foreknowledge of a known SNMP community string (either
    read or read/write). This issue potentially affects any Net-SNMP
    installation in which the "public" read-only community string has not
    been changed.
    
    Read the full advisory at
    http://www.idefense.com/advisory/10.02.02.txt
    
    SOLUTION
    
    It is recommended that all Gentoo Linux users who are running
    net-analyzer/net-snmp-5.0.2a and earlier update their systems
    as follows:
    
    emerge rsync
    emerge net-snmp
    emerge clean
    
    - - --------------------------------------------------------------------
    alizat_private - GnuPG key is available at www.gentoo.org/~aliz
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iD8DBQE9qnpxfT7nyhUpoZMRAr8VAJ9NwwO9ymOe6V66qGre6wdnJ2kOTACgulqf
    CKtVjHMlHd5/lFs31IBCyno=
    =KVPU
    -----END PGP SIGNATURE-----
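
The advisory ties exposure to a community string an attacker already knows, such as an unchanged "public". The script below is an added example, not part of the advisory or of Gentoo's or Net-SNMP's tooling; it scans an snmpd.conf for access directives that still use a well-known string. The function names, the inclusion of "private", and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag well-known community strings in a Net-SNMP snmpd.conf.
# WELL_KNOWN is an assumption: "public" is the string the advisory names,
# "private" is the conventional read/write counterpart.
WELL_KNOWN="public private"

# Hypothetical helper. Prints "LINE DIRECTIVE COMMUNITY" for every access
# directive that uses a well-known string; exit status 1 if any were found.
find_default_communities() {
    awk -v known="$WELL_KNOWN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) bad[k[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        { c = "" }
        $1 ~ /^r[ow]community6?$/ { c = $2 }       # rocommunity COMMUNITY [SOURCE ...]
        $1 ~ /^com2sec6?$/ {                       # com2sec [-Cn CTX] NAME SOURCE COMMUNITY
            c = ($2 == "-Cn") ? $6 : $4
        }
        (c in bad) { print NR, $1, c; found = 1 }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample configuration, not taken from any real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
rocommunity public 127.0.0.1
rwcommunity s3cr3t-rw 10.0.0.0/8
com2sec notConfigUser default public
com2sec -Cn ctx1 mgmtUser 10.0.0.5 n0t-default
syslocation public lab
EOF
}

# Demo run against the sample; on a real host pass the daemon's own
# configuration file (commonly /etc/snmp/snmpd.conf) instead.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
find_default_communities "$demo_conf" ||
    echo "well-known community string in use: change it and restrict sources"
rm -f "$demo_conf"
```

Changing the community string narrows who can reach the affected code path; the package update in the SOLUTION section is still the fix.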
    


