On Tue, Feb 12, 2002 at 03:49:58PM -0600, Todd Adamson wrote:
> > That is Correct. Anything prior to 4.2.3 has the vulnerability.

There's an error somewhere. According to the CERT bulletin:

    NET-SNMP

    All ucd-snmp version prior to 4.2.2 are susceptible to this
    vulnerability and users of versions prior to version 4.2.2 are
    encouraged to upgrade their software as soon as possible
    (http://www.net-snmp.org/download/). Version 4.2.2 and higher are
    not susceptible.

Note that net-snmp's changelog says something about security fixes for 4.2.2, not 4.2.3.

But for FreeBSD, we have:

    FreeBSD

    FreeBSD does not include any SNMP software by default, and so is
    not vulnerable. However, the FreeBSD Ports Collection contains the
    UCD-SNMP / NET-SNMP package. Package versions prior to
    ucd-snmp-4.2.3 are vulnerable.

So, I don't know who we should trust...

--
Renaud
