Package: net-snmp Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for net-snmp.
CVE-2008-0960[0]: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x | before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) | Juniper Session and Resource Control (SRC) C-series 1.0.0 through | 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and | 7.3RC2; (6) SNMP Research before 16.2; and (7) multiple Cisco IOS, | CatOS, ACE, and Nexus products; relies on the client to specify the | HMAC length, which makes it easier for remote attackers to bypass SNMP | authentication via a length value of 1, which only checks the first | byte. Upstream patch: http://sourceforge.net/tracker/download.php?group_id=12694&atid=456380&file_id=280776&aid=1989089 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 http://security-tracker.debian.net/tracker/CVE-2008-0960 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpvUDxPihVfG.pgp
Description: PGP signature
