• info
• discussion
• exploit
• solution
• references

Net-SNMP snmpnetstat Remote Heap Overflow Vulnerability

Solution:
SCO have released an advisory (CSSA-2003-029.0) and fixes to address this issue in OpenLinux server and workstation. Affected users are advised to apply upgrades as soon as possible. Further information regarding the application of these upgrades is available in the referenced advisory. Fixes are linked below.

Fixes are available:


SCO OpenLinux Workstation 3.1.1

• SCO ucd-snmp-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02 9.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm


• SCO ucd-snmp-devel-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02 9.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm


• SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02 9.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm


• SCO ucd-snmp-utils-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02 9.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm

SCO OpenLinux Server 3.1.1

• SCO ucd-snmp-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R PMS/ucd-snmp-4.2.1-18.i386.rpm


• SCO ucd-snmp-devel-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R PMS/ucd-snmp-devel-4.2.1-18.i386.rpm


• SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R PMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm


• SCO ucd-snmp-utils-4.2.1-18.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R PMS/ucd-snmp-utils-4.2.1-18.i386.rpm

Net-SNMP ucd-snmp 4.2.3

• Conectiva ucd-snmp-4.2.3-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-4.2.3-1U70_2cl.i 386.rpm


• Conectiva ucd-snmp-4.2.3-4U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-4.2.3-4U80_1cl.i38 6.rpm


• Conectiva ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-4.2.3-1U70 _2cl.i386.rpm


• Conectiva ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-4.2.3-4U80_1 cl.i386.rpm


• Conectiva ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-static-4.2 .3-1U70_2cl.i386.rpm


• Conectiva ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-static-4.2.3 -4U80_1cl.i386.rpm


• Conectiva ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-utils-4.2.3-1U70 _2cl.i386.rpm


• Conectiva ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-utils-4.2.3-4U80_1 cl.i386.rpm