[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SNMPD patch?

To: James Kilton <kilton9@yahoo.com>
Subject: Re: SNMPD patch?
From: d neal wise <nwise@spy.net>
Date: Wed, 20 Feb 2002 11:46:32 +1100 (EST)
Cc: misc@openbsd.org

On Tue, 19 Feb 2002, James Kilton wrote:

> We have a bunch of OpenBSD 2.7 - 2.9 machines here
> utilizing SNMP, and I was surprised to see no mention
> of a patch on OpenBSD's site.  Is this exploit not
> vulnerable in OpenBSD?

if you're using the package or port for snmpd it's probably ucd-snmpd (aka
net-snmpd) which isn't developed or maintained by OpenBSD.
ucd-snmpd/net-snmpd was mentioned on the CERT advisory though. Someone
might update a port/package to use a new release of ucd-snmpd which
addresses the risks but I wouldn't hold your breath waiting for one for
older OpenBSD releases.

This is what's in our local mirror here (ftp.au.openbsd.org)

2.6/packages/i386/ucd-snmp-3.6.2.tgz
2.8/packages/i386/ucd-snmp-4.1.2.tgz
2.9/packages/i386/ucd-snmp-4.2.tgz
3.0/packages/i386/ucd-snmp-4.2.2.tgz

According to http://www.net-snmp.org/
you should be running 4.2.3 to address the issue. Use the port for 4.2.2
as a basis for building 4.2.3.

regards,

neal
___________
d neal wise - nwise@spy.net
SPY internetworking  -  will network for food
http://www.spy.net

Follow-Ups:
- Re: SNMPD patch?
  - From: Ralph Forsythe <rforsythe@centerone.com>

References:
- SNMPD patch?
  - From: James Kilton <kilton9@yahoo.com>

Prev by Date: Re: Fwd: Re: issue with pf and dhcp
Next by Date: Re: SNMPD patch?
Prev by thread: SNMPD patch?
Next by thread: Re: SNMPD patch?
Index(es):
- Date
- Thread