|
|
Family: Fedora Local Security Checks --> Category: infos
Fedora Core 4 2005-561: net-snmp Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the net-snmp package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2005-561 (net-snmp).
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.
Building option:
--without tcp_wrappers : disable tcp_wrappers support
Update Information:
A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent's which
have opened a stream based protocol (EG, TCP but not UDP
it should be
noted that Net-SNMP does not by default open a TCP port).
http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
Solution : http://fedoranews.org//mediawiki/index.php/Fedora_Core_4_Update:_net-snmp-5.2.1.2-fc4.1
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
