From mark@foster.cc  Tue Nov 11 03:09:07 2008
Return-Path: <mark@foster.cc>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 32A771065689
	for <freebsd-gnats-submit@freebsd.org>; Tue, 11 Nov 2008 03:09:07 +0000 (UTC)
	(envelope-from mark@foster.cc)
Received: from QMTA03.westchester.pa.mail.comcast.net (qmta03.westchester.pa.mail.comcast.net [76.96.62.32])
	by mx1.freebsd.org (Postfix) with ESMTP id 40EBB8FC16
	for <freebsd-gnats-submit@freebsd.org>; Tue, 11 Nov 2008 03:09:05 +0000 (UTC)
	(envelope-from mark@foster.cc)
Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60])
	by QMTA03.westchester.pa.mail.comcast.net with comcast
	id dcsa1a0021HzFnQ53f8LW4; Tue, 11 Nov 2008 03:08:20 +0000
Received: from [192.168.1.9] ([24.17.96.78])
	by OMTA14.westchester.pa.mail.comcast.net with comcast
	id df8p1a00F1hTbBL3af8qQ8; Tue, 11 Nov 2008 03:08:51 +0000
Message-Id: <4918F74C.8000508@foster.cc>
Date: Mon, 10 Nov 2008 19:09:00 -0800
From: "Mark D. Foster" <mark@foster.cc>
To: FreeBSD-gnats-submit@freebsd.org
Cc: kuriyama@FreeBSD.org, security-team@FreeBSD.org
Subject: vuxml update for security vulnerability: net-mgmt/net-snmp*

>Number:         128772
>Category:       ports
>Synopsis:       vuxml update for security vulnerability: net-mgmt/net-snmp*
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kuriyama
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 11 03:10:01 UTC 2008
>Closed-Date:    Fri Nov 14 06:10:53 UTC 2008
>Last-Modified:  Fri Nov 14 06:10:53 UTC 2008
>Originator:     Mark Foster
>Release:        FreeBSD 7.0-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD gomer.foster.dmz 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3
#6: Wed Aug 27 05:57:37 PDT 2008
root@gomer.foster.dmz:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	
>How-To-Repeat:
	
>Fix:

	

--- vuln.xml.patch begins here ---
--- vuln.xml.old	2008-11-11 02:07:56.000000000 -0800
+++ vuln.xml	2008-11-11 02:27:10.000000000 -0800
@@ -34,6 +34,36 @@

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="d13dfbe3-afda-11dd-ada5-00508bef1fef">
+    <topic>net-snmp -- GETBULK Remote Denial of Service</topic>
+    <affects>
+      <package>
+	<name>net-snmp</name>
+	<name>net-snmp53</name>
+	<range>
+		<lt>5.4.2.1</lt>
+		<lt>5.3.2.3</lt>
+		<lt>5.2.5.1</lt>
+	</range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>SANS reports:</p>
+	<blockquote
cite="http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22">
+	  <p>Net-SNMP is exposed to an unspecified remote denial of service
issue related to the handling of "GETBULK" SNMP requests.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://sourceforge.net/forum/forum.php?forum_id=882903</url>
+    </references>
+    <dates>
+      <discovery>2008-11-11</discovery>
+      <entry>2008-11-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb">
     <topic>trac -- potential DOS vulnerability</topic>
     <affects>
--- vuln.xml.patch ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->kuriyama 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Nov 11 03:10:16 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128772 
State-Changed-From-To: open->closed 
State-Changed-By: kuriyama 
State-Changed-When: Fri Nov 14 06:10:43 UTC 2008 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128772 
>Unformatted:
