
CSSA-2002-004.1-Various security problems in ucd-snmp

by Nikola Strahija on March 15th, 2002

Researchers at the University of Oulu, Finland, discovered several remotely exploitable vulnerabilities in ucd-snmp. This security update fixes these vulnerabilities. This update also contains a patch from the SuSE security team that cleans up a number of unchecked memory operations.


Vulnerable Versions

System                             Package
-----------------------------------------------------------
OpenLinux 2.3                      not vulnerable

OpenLinux eServer 2.3.1            All packages previous to
and OpenLinux eBuilder             ucd-snmp-4.2.1-17

OpenLinux eDesktop 2.4             not vulnerable

OpenLinux Server 3.1               All packages previous to
                                   ucd-snmp-4.2.1-17

OpenLinux Workstation 3.1          All packages previous to
                                   ucd-snmp-4.2.1-17

OpenLinux 3.1 IA64                 not vulnerable

OpenLinux Server 3.1.1             All packages previous to
                                   ucd-snmp-4.2.1-17

OpenLinux Workstation              All packages previous to
3.1.1                              ucd-snmp-4.2.1-17

Volution Manager 1.1               All packages previous to
                                   ucd-snmp-4.2.1-17v.1


3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

39455abae12c26af0767e73ce5fa21ba RPMS/ucd-snmp-4.2.1-17.i386.rpm
2a13a2370c9da23d09a9fdfb94242cb0 RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
552a1f07b57743ea2f83a77878f8b307 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
02914263b92c14023b6a8a986739975a RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm


5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

    rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
        ucd-snmp-devel-4.2.1-17.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17.i386.rpm \
        ucd-snmp-utils-4.2.1-17.i386.rpm


6. OpenLinux eDesktop 2.4

not vulnerable

7. OpenLinux 3.1 Server

7.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

7.2 Verification

e1f2eab37121fd66aefab49da3f6173b RPMS/ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm


7.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

    rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
        ucd-snmp-devel-4.2.1-17.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17.i386.rpm \
        ucd-snmp-utils-4.2.1-17.i386.rpm


8. OpenLinux 3.1 Workstation

8.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

The corresponding source code package can be found at:


ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

8.2 Verification

e1f2eab37121fd66aefab49da3f6173b RPMS/ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm


8.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

    rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
        ucd-snmp-devel-4.2.1-17.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17.i386.rpm \
        ucd-snmp-utils-4.2.1-17.i386.rpm


9. OpenLinux 3.1 IA64

not vulnerable

10. OpenLinux 3.1.1 Server

10.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

10.2 Verification

0bf1e8d5ec70518f2b548871fb1d00b7 RPMS/ucd-snmp-4.2.1-17.i386.rpm
7b8f7fd19b3a0dd61a1113e3d12bd00d RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
b0bf4250ba668660b0c9d859d164e918 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
df84f06b86e973ee8d38f5f995fa7905 RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm


10.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

    rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
        ucd-snmp-devel-4.2.1-17.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17.i386.rpm \
        ucd-snmp-utils-4.2.1-17.i386.rpm


11. OpenLinux 3.1.1 Workstation

11.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:


ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

The corresponding source code package can be found at:


ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

11.2 Verification

0bf1e8d5ec70518f2b548871fb1d00b7 RPMS/ucd-snmp-4.2.1-17.i386.rpm
7b8f7fd19b3a0dd61a1113e3d12bd00d RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
b0bf4250ba668660b0c9d859d164e918 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
df84f06b86e973ee8d38f5f995fa7905 RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm


11.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

    rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
        ucd-snmp-devel-4.2.1-17.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17.i386.rpm \
        ucd-snmp-utils-4.2.1-17.i386.rpm


12. Volution Manager 1.1

12.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/SRPMS

12.2 Verification

ebda82a51da9182e170799d97b80adf3 RPMS/ucd-snmp-4.2.1-17v.1.i386.rpm
056f9b0a7ece17ea90be9039c02e12a2 RPMS/ucd-snmp-devel-4.2.1-17v.1.i386.rpm
8ae3525daa789bb658967d3dda8531c4 RPMS/ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm
e399b32750c4f5b7c3764d254e995cfb RPMS/ucd-snmp-utils-4.2.1-17v.1.i386.rpm
c9b02cb5217c205e6880219d0c9476d2 SRPMS/ucd-snmp-4.2.1-17v.1.src.rpm


12.3 Installing Fixed Packages

Upgrade the affected packages on non-Caldera Linux clients
managed by Volution Manager using Volution Manager's software
distribution action.

Or manually update your non-Caldera Linux clients with the
following commands:

    rpm -Fvh ucd-snmp-4.2.1-17v.1.i386.rpm \
        ucd-snmp-devel-4.2.1-17v.1.i386.rpm \
        ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm \
        ucd-snmp-utils-4.2.1-17v.1.i386.rpm
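
Every product section above follows the same steps: download the packages, compare them with the MD5 list under Verification, then run rpm -Fvh. The script below is an added example, not part of Caldera's advisory, that refuses to install unless every file in a saved copy of that list matches; the function names, the flat download directory and the RPM_CMD dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not Caldera's tooling). MANIFEST holds the advisory's
# "<md5> RPMS/<file>" lines for the files you downloaded into DIR.

# verify_manifest MANIFEST DIR
# Succeeds only if every listed file exists in DIR and its MD5 matches.
verify_manifest() {
    manifest=$1
    dir=$2
    seen=0
    failed=0
    while read -r want path || [ -n "$want" ]; do
        [ -n "$want" ] || continue            # skip blank lines
        seen=$((seen + 1))
        name=${path##*/}                      # drop the RPMS/ or SRPMS/ prefix
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            failed=1
            continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (computed $got)"
            failed=1
        fi
    done < "$manifest"
    # An empty manifest verifies nothing, so it must not count as success.
    [ "$seen" -gt 0 ] && [ "$failed" -eq 0 ]
}

# install_verified MANIFEST DIR
# Freshens only the binary packages named in MANIFEST, and only after the
# whole list has verified. RPM_CMD is a hypothetical dry-run knob.
install_verified() {
    verify_manifest "$1" "$2" >&2 || { echo "not installing" >&2; return 1; }
    set --
    while read -r want path || [ -n "$want" ]; do
        case $path in
            ''|*.src.rpm) ;;                  # nothing to install
            *) set -- "$@" "$dir/${path##*/}" ;;
        esac
    done < "$manifest"
    ${RPM_CMD:-rpm} -Fvh "$@"
}
```

Save the lines from the relevant Verification section to a file and run `install_verified manifest.txt .` as root. MD5 catches a corrupted or wrong-product download but is not collision-resistant, so the list is only as trustworthy as the channel the advisory arrived over.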


13. References

This and other Caldera security resources are located at:

http://www.caldera.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 10987.


14. Disclaimer

Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera International products.


15. Acknowledgements

Caldera International wishes to thank the Secure Programming Research
Group at Oulu University for their work, and for sharing their research
results in this fashion. We also wish to thank Thomas Biege at SuSE for
his additional patches.

