From owner-doc-jp-work@jp.FreeBSD.org Mon Feb 18 11:33:55 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g1I2Xtl26155;
	Mon, 18 Feb 2002 11:33:55 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from TYO201.gate.nec.co.jp (TYO201.gate.nec.co.jp [202.32.8.214])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g1I2XlW26137;
	Mon, 18 Feb 2002 11:33:48 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from mailgate4.nec.co.jp ([10.7.69.193])
	by TYO201.gate.nec.co.jp (8.11.6/3.7W01080315) with ESMTP id g1I2Xd914585;
	Mon, 18 Feb 2002 11:33:40 +0900 (JST)
Received: from mailsv4.nec.co.jp (mailgate51.nec.co.jp [10.7.69.190]) by mailgate4.nec.co.jp (8.11.6/3.7W-MAILGATE-NEC) with ESMTP
	id g1I2XaC17257; Mon, 18 Feb 2002 11:33:37 +0900 (JST)
Received: from necspl.do.mms.mt.nec.co.jp (necspl.do.mms.mt.nec.co.jp [10.16.5.21]) by mailsv4.nec.co.jp (8.11.6/3.7W-MAILSV4-NEC) with ESMTP
	id g1I2XAu25561; Mon, 18 Feb 2002 11:33:33 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by  necspl.do.mms.mt.nec.co.jp (8.12.2/8.12.2) with ESMTP id g1I2XAQB015041;
	Mon, 18 Feb 2002 11:33:10 +0900 (JST)
Date: Mon, 18 Feb 2002 11:33:10 +0900 (JST)
Message-Id: <20020218.113310.41727176.y-koga@jp.FreeBSD.org>
To: doc-jp-work@jp.FreeBSD.org
From: Koga Youichirou <y-koga@jp.FreeBSD.org>
In-Reply-To: <20020218.003052.41630757.hrs@eos.ocn.ne.jp>
References: <200202122320.g1CNKSw40400@freefall.freebsd.org>
	<20020218.003052.41630757.hrs@eos.ocn.ne.jp>
X-Mailer: Mew version 3.0.53 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+011218
X-Sequence: doc-jp-work 148
Subject: [doc-jp-work 148] Re: ANNOUNCE: FreeBSD Ports Security
 Advisory FreeBSD-SA-02:11.snmp
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: y-koga@jp.FreeBSD.org

Hiroki Sato <hrs@eos.ocn.ne.jp>:
>  $B$4$a$s$J$5$$!"CY$/$J$j$^$7$?!#(B
>  02:11 $B$G$9!#(B

$B%Q%A%Q%A%Q%A!y(B

> I.   $BGX7J(B - Background
> 
> The Net-SNMP (previously known as UCD-SNMP) package is a set of Simple
> Network Management Protocol tools, including an agent, library, and
> applications for generating and handling requests and traps.
> 
> Net-SNMP ($B0JA0$O(B UCD-SNMP $B$H8F$P$l$F$$$^$7$?(B) $B%Q%C%1!<%8$O(B,
> SNMP $B%(!<%8%'%s%H(B, SNMP $B%i%$%V%i%j(B, SNMP $BMW5a$*$h$S%H%i%C%W$N(B
> $B@8@.$HA`:n$r9T$J$&%"%W%j%1!<%7%g%s$r4^$s$@(B Simple Network
> Management Protocol $BMQ%D!<%k=8$G$9(B.

$B8D?ME*$K$O(B s/$BMW5a(B/$B%j%/%(%9%H(B/

> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> The Net-SNMP port, versions prior to 4.2.3, contains several remotely
> exploitable vulnerabilities.  The OUSPG has discovered vulnerabilities
> in many SNMPv1 implementations through their `PROTOS - Security
> Testing of Protocol Implementations' project.  The vulnerabilities are
> numerous and affect SNMPv1 request and trap handling in both managers
> and agents.  Please refer to the References section for complete
> details.
> 
> Net-SNMP $B$N(B port $B$N%P!<%8%g%s(B 4.2.3 $B$h$jA0$N$b$N$K$O(B, $B%j%b!<%H$+$i(B
> $B0-MQ2DG=$J%;%-%e%j%F%#>e$N<eE@$,J#?t4^$^$l$F$$$^$9(B.  OUSPG $B$,(B
> $B9T$J$C$?(B `PROTOS - Security Testing of Protocol Implementations'
> $B%W%m%8%'%/%H$+$i$O(B, $BB?$/$N(B SNMPv1 $B<BAu$,%;%-%e%j%F%#>e$N<eE@$r(B
> $B;}$C$F$$$k$3$H$,H=L@$7$?$HJs9p$5$l$F$$$^$9(B.  $B$=$N<eE@$OHs>o$K(B
> $BB?$$$b$N$G(B, SNMP $B%^%M!<%8%c(B, SNMP $B%(!<%8%'%s%HN>J}$K$*$1$k(B
> SNMPv1 $BMW5a$*$h$S%H%i%C%W$K1F6A$,$"$j$^$9(B.  $B40A4$J>\:Y$K$D$$$F$O(B
> $B;29M;qNA$N%;%/%7%g%s$r$4Mw$/$@$5$$(B.

PROTOS $B$OB?J,8=:_$b9T$J$o$l$F$$$k%W%m%8%'%/%H$J$N$G!"(B
s/$B9T$J$C$?(B/$B9T$J$C$F$$$k(B/ $B$NJ}$,$h$5$=$&!#(B

# OUSPG $B$N@bL@$O(B References $B$K$"$k$@$1$GJ8=qCf$K$O$J$$$N$M!D(B

s/SNMPv1 $B<BAu$,!A$r;}$C$F$$$k$3$H$,(B/SNMPv1 $B$N<BAu$K!A$,$"$k$3$H$,(B/

> III. $B1F6AHO0O(B - Impact
> 
> Although no exploits are known to exist at this time, the
> vulnerabilities may be exploited by a remote attacker in order to
> cause the SNMP agent to execute arbitrary code with superuser
> privileges.  Malicious agents may respond to requests with specially
> constructed replies that cause arbitrary code to be executed by the
> client.  Knowledge of the SNMP community name is unnecessary for such
> exploits to be effective.
> 
> $B8=;~E@$G$O6qBNE*$J0-MQJ}K!$O8+$D$+$C$F$$$^$;$s$,(B, $B:#2sH=L@$7$?(B
> $B%;%-%e%j%F%#>e$N<eE@$K$O(B, $B%j%b!<%H$N967b<T$,(B SNMP $B%(!<%8%'%s%H$r(B
> $BMxMQ$7$F%9!<%Q%f!<%68"8B$GG$0U$N%3!<%I$r<B9T$5$;$k$3$H$,$G$-$k(B
> $B2DG=@-$,$"$j$^$9(B.  $B$^$?(B, $B0-0U$r;}$C$?(B SNMP $B%(!<%8%'%s%H$+$i(B
> $BFC<l$J2sEz$rAw$k$3$H$G(B, $B%/%i%$%"%s%H$KG$0U$N%3!<%I$r<B9T$5$;$k$3$H$,(B
> $B$G$-$k2DG=@-$b$"$j$^$9(B.  $B$3$N0-MQ$N:]$K(B SNMP $B%3%_%e%K%F%#L>$r(B
> $BCN$C$F$$$kI,MW$O$"$j$^$;$s(B.

s/$BFC<l$J2sEz$rAw$k(B/$B%j%/%(%9%H$KBP$7$FH?1~$9$k(B/
$B$"$k$$$O!V%l%9%]%s%9$rJV$9!W$+$J$!!#(B
----
$B$3$,$h$&$$$A$m$&(B
