Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 60487
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially crafted request could cause the snmpd server to crash. (CVE-2008-4309)
Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name 'public' grants read-only access. In production deployments, it is recommended to change this default community name.
SolutionUpdate the affected packages.