Hi,
I intend to upload an NMU (this time with the correct patch 
:). For obvious reasons (see -private) I am going to upload 
this as a 0-day NMU.

debdiff attached and archived on:
http://people.debian.org/~nion/nmu-diff/net-snmp-5.4.1~dfsg-8_5.4.1~dfsg-8.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u net-snmp-5.4.1~dfsg/debian/changelog net-snmp-5.4.1~dfsg/debian/changelog
--- net-snmp-5.4.1~dfsg/debian/changelog
+++ net-snmp-5.4.1~dfsg/debian/changelog
@@ -1,3 +1,13 @@
+net-snmp (5.4.1~dfsg-8.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * This update fixes the following security issue:
+    - CVE-2008-0960: The authentication code relies on the client specified
+      HMAC length which makes it easier for an attacker to match a correct HMAC
+      and authentication if a single byte HMAC is supplied (Closes: #485945)
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Thu, 12 Jun 2008 22:22:52 +0200
+
 net-snmp (5.4.1~dfsg-8) unstable; urgency=low
 
   * NACK NMU as the patch broke perl (Closes: #483588)
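Review bot: the changelog entry (the `- CVE-2008-0960:` line) describes the symptom but not what the fix does; since the accompanying debian/patches/50_cve2008_0960.patch rejects any received HMAC whose length is not USM_MD5_AND_SHA_AUTH_LEN, say so here (for example "reject HMACs of the wrong length before comparison") and cite upstream changeset 17023 from the README so the provenance is visible from the changelog alone.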
only in patch2:
unchanged:
--- net-snmp-5.4.1~dfsg.orig/debian/patches/50_cve2008_0960.README
+++ net-snmp-5.4.1~dfsg/debian/patches/50_cve2008_0960.README
@@ -0,0 +1 @@
+Upstream Changeset 17023: BUG: 1989089: Check for HMAC length
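Review bot: the README names upstream changeset 17023 and bug 1989089 but not CVE-2008-0960, which only appears in the file name; add the CVE identifier and a one-line summary of the check so the patch file stays self-describing once it is separated from this changelog.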
only in patch2:
unchanged:
--- net-snmp-5.4.1~dfsg.orig/debian/patches/50_cve2008_0960.patch
+++ net-snmp-5.4.1~dfsg/debian/patches/50_cve2008_0960.patch
@@ -0,0 +1,13 @@
+--- net-snmp-5.4.1/snmplib/scapi.c	2006-09-15 05:47:01.000000000 -0700
++++ net-snmp-5.4.1.1/snmplib/scapi.c	2008-05-13 17:43:17.000000000 -0700
+@@ -563,6 +563,10 @@
+     }
+ 
+ 
++    if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
++        QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
++    }
++    
+     /*
+      * Generate a full hash of the message, then compare
+      * the result with the given MAC which may shorter than
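Review bot: the new guard `if (maclen != USM_MD5_AND_SHA_AUTH_LEN)` leaves the comment that follows it stale: `the given MAC which may shorter than` no longer describes the code, because every other length now fails with SNMPERR_GENERR via QUITFUN before the comparison is reached, so update that comment in the same patch. The fourth added line (`++    `) is whitespace only and should have its trailing spaces trimmed. Note also that the check is a strict equality against one constant, so it is correct only as long as both authentication protocols named by USM_MD5_AND_SHA_AUTH_LEN (MD5 and SHA) share the same truncated MAC length; if a different length were ever introduced, this comparison would need to become per-protocol.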
