ports/128772: vuxml update for security vulnerability: net-mgmt/net-snmp*
Mark D. Foster
mark at foster.cc
Tue Nov 11 03:10:02 UTC 2008
>Number: 128772
>Category: ports
>Synopsis: vuxml update for security vulnerability: net-mgmt/net-snmp*
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 11 03:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mark Foster
>Release: FreeBSD 7.0-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD gomer.foster.dmz 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3
#6: Wed Aug 27 05:57:37 PDT 2008
root at gomer.foster.dmz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
>How-To-Repeat:
>Fix:
--- vuln.xml.patch begins here ---
--- vuln.xml.old 2008-11-11 02:07:56.000000000 -0800
+++ vuln.xml 2008-11-11 02:27:10.000000000 -0800
@@ -34,6 +34,36 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d13dfbe3-afda-11dd-ada5-00508bef1fef">
+ <topic>net-snmp -- GETBULK Remote Denial of Service</topic>
+ <affects>
+ <package>
+ <name>net-snmp</name>
+ <name>net-snmp53</name>
+ <range>
+ <lt>5.4.2.1</lt>
+ <lt>5.3.2.3</lt>
+ <lt>5.2.5.1</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SANS reports:</p>
+ <blockquote
cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22">
+ <p>Net-SNMP is exposed to an unspecified remote denial of service
issue related to the handling of "GETBULK" SNMP requests.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://sourceforge.net/forum/forum.php?forum_id=882903</url>
+ </references>
+ <dates>
+ <discovery>2008-11-11</discovery>
+ <entry>2008-11-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb">
<topic>trac -- potential DOS vulnerability</topic>
<affects>
--- vuln.xml.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list