Mandriva Linux Security Advisory : net-snmp (MDVSA-2008:225)
Medium Nessus Plugin ID 36859
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially crafted request which would cause snmpd to crash (CVE-2008-4309).
Please note that for this to be successfully exploited, an attacker must have read access to the SNMP server. By default, the public community name grants read-only access, however it is recommended that the default community name be changed in production.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.