From supinfo@caldera.com Wed Mar 13 20:08:17 2002
From: Support Info
To: announce@lists.caldera.com, bugtraq@securityfocus.com, linux-security@redhat.com, linuxlist@securityportal.com
Date: Wed, 13 Mar 2002 14:17:40 -0700
Subject: Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                   Caldera International, Inc. Security Advisory

Subject:                REVISED: Linux: Various security problems in ucd-snmp
Advisory number:        CSSA-2002-004.1
Issue date:             2002, March 8
Cross reference:        CSSA-2002.004.0
______________________________________________________________________________

1. Problem Description

   [ This updated advisory adds Volution Manager to the Vulnerable Versions ]

   Researchers at the University of Oulu, Finland, discovered several
   remotely exploitable vulnerabilities in ucd-snmp. This security update
   fixes these vulnerabilities.

   This update also contains a patch from the SuSE security team that
   cleans up a number of unchecked memory operations.

2. Vulnerable Versions

   System                          Package
   -----------------------------------------------------------
   OpenLinux 2.3                   not vulnerable
   OpenLinux eServer 2.3.1         All packages previous to
   and OpenLinux eBuilder          ucd-snmp-4.2.1-17
   OpenLinux eDesktop 2.4          not vulnerable
   OpenLinux Server 3.1            All packages previous to
                                   ucd-snmp-4.2.1-17
   OpenLinux Workstation 3.1       All packages previous to
                                   ucd-snmp-4.2.1-17
   OpenLinux 3.1 IA64              not vulnerable
   OpenLinux Server 3.1.1          All packages previous to
                                   ucd-snmp-4.2.1-17
   OpenLinux Workstation 3.1.1     All packages previous to
                                   ucd-snmp-4.2.1-17
   Volution Manager 1.1            All packages previous to
                                   ucd-snmp-4.2.1-17v.1

3. Solution

   Workaround

   none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   39455abae12c26af0767e73ce5fa21ba  RPMS/ucd-snmp-4.2.1-17.i386.rpm
   2a13a2370c9da23d09a9fdfb94242cb0  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
   552a1f07b57743ea2f83a77878f8b307  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
   02914263b92c14023b6a8a986739975a  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
   6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
            ucd-snmp-devel-4.2.1-17.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17.i386.rpm \
            ucd-snmp-utils-4.2.1-17.i386.rpm

6. OpenLinux eDesktop 2.4

   not vulnerable

7. OpenLinux 3.1 Server

   7.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

   e1f2eab37121fd66aefab49da3f6173b  RPMS/ucd-snmp-4.2.1-17.i386.rpm
   ad7405f4578ca3f25a56d8e5d96020bb  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
   980115ed7580c8a772e8111ad1494067  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
   48f82f6ee0561fc0961cf99e471a14de  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
   6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm

   7.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
            ucd-snmp-devel-4.2.1-17.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17.i386.rpm \
            ucd-snmp-utils-4.2.1-17.i386.rpm

8. OpenLinux 3.1 Workstation

   8.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

   e1f2eab37121fd66aefab49da3f6173b  RPMS/ucd-snmp-4.2.1-17.i386.rpm
   ad7405f4578ca3f25a56d8e5d96020bb  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
   980115ed7580c8a772e8111ad1494067  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
   48f82f6ee0561fc0961cf99e471a14de  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
   6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm

   8.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
            ucd-snmp-devel-4.2.1-17.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17.i386.rpm \
            ucd-snmp-utils-4.2.1-17.i386.rpm

9. OpenLinux 3.1 IA64

   not vulnerable

10. OpenLinux 3.1.1 Server

   10.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   10.2 Verification

   0bf1e8d5ec70518f2b548871fb1d00b7  RPMS/ucd-snmp-4.2.1-17.i386.rpm
   7b8f7fd19b3a0dd61a1113e3d12bd00d  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
   b0bf4250ba668660b0c9d859d164e918  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
   df84f06b86e973ee8d38f5f995fa7905  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
   6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm

   10.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
            ucd-snmp-devel-4.2.1-17.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17.i386.rpm \
            ucd-snmp-utils-4.2.1-17.i386.rpm

11. OpenLinux 3.1.1 Workstation

   11.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   11.2 Verification

   0bf1e8d5ec70518f2b548871fb1d00b7  RPMS/ucd-snmp-4.2.1-17.i386.rpm
   7b8f7fd19b3a0dd61a1113e3d12bd00d  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
   b0bf4250ba668660b0c9d859d164e918  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
   df84f06b86e973ee8d38f5f995fa7905  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
   6f3b52721566b814f3937f135a82c6f5  SRPMS/ucd-snmp-4.2.1-17.src.rpm

   11.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
            ucd-snmp-devel-4.2.1-17.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17.i386.rpm \
            ucd-snmp-utils-4.2.1-17.i386.rpm

12. Volution Manager 1.1

   12.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/Volution/Mgr/1.1/current/SRPMS

   12.2 Verification

   ebda82a51da9182e170799d97b80adf3  RPMS/ucd-snmp-4.2.1-17v.1.i386.rpm
   056f9b0a7ece17ea90be9039c02e12a2  RPMS/ucd-snmp-devel-4.2.1-17v.1.i386.rpm
   8ae3525daa789bb658967d3dda8531c4  RPMS/ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm
   e399b32750c4f5b7c3764d254e995cfb  RPMS/ucd-snmp-utils-4.2.1-17v.1.i386.rpm
   c9b02cb5217c205e6880219d0c9476d2  SRPMS/ucd-snmp-4.2.1-17v.1.src.rpm

   12.3 Installing Fixed Packages

   Upgrade the affected packages on non-Caldera Linux clients managed by
   Volution Manager using Volution Manager's software distribution action.

   Or manually update your non-Caldera Linux clients with the following
   commands:

   rpm -Fvh ucd-snmp-4.2.1-17v.1.i386.rpm \
            ucd-snmp-devel-4.2.1-17v.1.i386.rpm \
            ucd-snmp-tkmib-4.2.1-17v.1.i386.rpm \
            ucd-snmp-utils-4.2.1-17v.1.i386.rpm

13. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10987.

14. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera International products.

15. Acknowledgements

   Caldera International wishes to thank the Secure Programming Research
   Group at Oulu University for their work, and for sharing their research
   results in this fashion.

   We also wish to thank Thomas Biege at SuSE for his additional patches.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyIBk8ACgkQbluZssSXDTGREQCgsgGB3aMqZhYFOH69ZI4DbvpE
aYAAnAzQPDIY0hCpy3jRuh3ZRzx5Ifv6
=yBvP
-----END PGP SIGNATURE-----
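The "Verification" and "Installing Fixed Packages" steps that the advisory repeats for each product (sections 5 through 12) combine naturally into one script: compute the MD5 sum of every downloaded RPM, compare it with the sum printed in the advisory, and run the advisory's rpm -Fvh command only if the whole set matches. The POSIX shell script below is an added example, not Caldera's own tooling. The checksum list embedded in it is copied from section 7.2 (OpenLinux 3.1 Server); the directory argument, the DRY_RUN variable and the function names are assumptions of this example. The sums that matter are the ones inside the PGP-signed advisory text: a checksum file fetched from the same FTP directory as the package would only catch corruption, not a substituted package.

```shell
#!/bin/sh
# Added example, not part of the Caldera advisory: verify downloaded
# ucd-snmp RPMs against the MD5 sums published in the advisory, and
# only then upgrade them with the advisory's rpm -Fvh command.
# Requires md5sum(1) from coreutils; works under dash and bash.
#
# Usage:  sh verify-ucd-snmp.sh /path/to/downloaded/RPMS
#         DRY_RUN=0 sh verify-ucd-snmp.sh /path/to/downloaded/RPMS   # really run rpm

# MD5 sums copied from section 7.2 of the advisory (OpenLinux 3.1 Server).
# Substitute the list for your own product/version from the advisory.
EXPECTED_SUMS='e1f2eab37121fd66aefab49da3f6173b  ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb  ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067  ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de  ucd-snmp-utils-4.2.1-17.i386.rpm'

# verify_rpms DIR SUMS
# SUMS is a newline-separated "<md5>  <filename>" list.  Prints one
# status line per file and returns 0 only if every file exists in DIR
# and its MD5 sum matches.  One missing or altered package fails the
# whole set, so a partial upgrade is never attempted.
verify_rpms() {
    dir=$1
    sums=$2
    rc=0
    # Here-document rather than a pipe: the loop then runs in the current
    # shell, so the assignment to $rc survives past the loop.
    while read -r expected file; do
        [ -n "$file" ] || continue
        if [ ! -f "$dir/$file" ]; then
            echo "MISSING  $file"
            rc=1
            continue
        fi
        actual=$(md5sum "$dir/$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file (expected $expected, got $actual)"
            rc=1
        fi
    done <<EOF
$sums
EOF
    return $rc
}

# update_if_verified DIR SUMS
# Runs verify_rpms and, on success, upgrades the listed packages.  With
# DRY_RUN=1 (the default here) the rpm command is printed instead of run.
update_if_verified() {
    dir=$1
    sums=$2
    if ! verify_rpms "$dir" "$sums" >&2; then
        echo "checksum verification failed; refusing to install" >&2
        return 1
    fi
    set --                      # collect the verified file paths as arguments
    while read -r expected file; do
        [ -n "$file" ] || continue
        set -- "$@" "$dir/$file"
    done <<EOF
$sums
EOF
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "rpm -Fvh $*"
    else
        rpm -Fvh "$@"
    fi
}

# Script entry point; does nothing when sourced or run without a directory.
if [ $# -ge 1 ]; then
    update_if_verified "$1" "$EXPECTED_SUMS"
fi
```

Running it against a download directory prints one OK/MISMATCH/MISSING line per package and, by default, echoes the rpm -Fvh command it would run; set DRY_RUN=0 to apply the upgrade. The script deliberately refuses to install anything if even one package fails, since installing a verified subset leaves the mismatched one as a loose end rather than a clear failure.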