Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64
Critical Nessus Plugin ID 60419
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could use this flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960)
A buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker could convince an application using the Net-SNMP Perl module to connect to a malicious SNMP agent.
SolutionUpdate the affected packages.