CESA-2009:1124 -- centos 3 i386 net-snmp
|ID: oval:org.secpod.oval:def:200531||Date: (C)2012-01-31 (M)2017-10-04|
|Class: PATCH||Family: unix|
The Simple Network Management Protocol is a protocol used for network management. A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker could issue a specially-crafted GETBULK request that could crash the snmpd daemon. Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name "public" grants read-only access. In production deployments, it is recommended to change this default community name. All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.