CESA-2009:1124 -- centos 3 x86_64 net-snmpID: oval:org.secpod.oval:def:200496 | Date: (C)2012-01-31 (M)2023-11-13 |
Class: PATCH | Family: unix |
The Simple Network Management Protocol is a protocol used for network management. A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker could issue a specially-crafted GETBULK request that could crash the snmpd daemon. Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name "public" grants read-only access. In production deployments, it is recommended to change this default community name. All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.