Mandriva Linux Security Advisory : net-snmp (MDVSA-2008:118)
Critical Nessus Plugin ID 37050
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet (CVE-2008-0960).
A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent (CVE-2008-2292).
The updated packages have been patched to prevent these issues.
SolutionUpdate the affected packages.