Date: Mon, 10 Nov 2008 19:09:00 -0800 From: "Mark D. Foster" <mark@foster.cc> To: FreeBSD-gnats-submit@FreeBSD.org Cc: security-team@FreeBSD.org, kuriyama@FreeBSD.org Subject: ports/128772: vuxml update for security vulnerability: net-mgmt/net-snmp* Message-ID: <4918F74C.8000508@foster.cc> Resent-Message-ID: <200811110310.mAB3A1GA069321@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128772 >Category: ports >Synopsis: vuxml update for security vulnerability: net-mgmt/net-snmp* >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Nov 11 03:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: FreeBSD 7.0-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD gomer.foster.dmz 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #6: Wed Aug 27 05:57:37 PDT 2008 root@gomer.foster.dmz:/usr/obj/usr/src/sys/GENERIC i386 >Description: >How-To-Repeat: >Fix: --- vuln.xml.patch begins here --- --- vuln.xml.old 2008-11-11 02:07:56.000000000 -0800 +++ vuln.xml 2008-11-11 02:27:10.000000000 -0800 @@ -34,6 +34,36 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="d13dfbe3-afda-11dd-ada5-00508bef1fef"> + <topic>net-snmp -- GETBULK Remote Denial of Service</topic> + <affects> + <package> + <name>net-snmp</name> + <name>net-snmp53</name> + <range> + <lt>5.4.2.1</lt> + <lt>5.3.2.3</lt> + <lt>5.2.5.1</lt> + </range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>SANS reports:</p> + <blockquote cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22">; + <p>Net-SNMP is exposed to an unspecified remote denial of service issue related to the handling of "GETBULK" SNMP requests.</p> + </blockquote> + </body> + </description> + <references> + <url>http://sourceforge.net/forum/forum.php?forum_id=882903</url>; + </references> + <dates> + <discovery>2008-11-11</discovery> + <entry>2008-11-11</entry> + </dates> + </vuln> + <vuln vid="c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb"> <topic>trac -- potential DOS vulnerability</topic> <affects> --- vuln.xml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4918F74C.8000508>