[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SNMPD patch?
On Tue, 19 Feb 2002, James Kilton wrote:
> We have a bunch of OpenBSD 2.7 - 2.9 machines here
> utilizing SNMP, and I was surprised to see no mention
> of a patch on OpenBSD's site. Is this exploit not
> vulnerable in OpenBSD?
if you're using the package or port for snmpd it's probably ucd-snmpd (aka
net-snmpd) which isn't developed or maintained by OpenBSD.
ucd-snmpd/net-snmpd was mentioned on the CERT advisory though. Someone
might update a port/package to use a new release of ucd-snmpd which
addresses the risks but I wouldn't hold your breath waiting for one for
older OpenBSD releases.
This is what's in our local mirror here (ftp.au.openbsd.org)
According to http://www.net-snmp.org/
you should be running 4.2.3 to address the issue. Use the port for 4.2.2
as a basis for building 4.2.3.
d neal wise - firstname.lastname@example.org
SPY internetworking - will network for food