Bug#400557: [Pkg-net-snmp-devel] Bug#400557: CVE-2006-5941: Unspecified Malformed TCP packet remote denial of service vulnerability

Thomas Anders thomas.anders at blue-cable.de
Mon Nov 27 12:32:18 CET 2006

CVE-2006-5941 has been assigned based on a Sun Alert that talks about
vulnerabilities in the Sun-supplied Net-SNMP package for
Solaris *only*. The Sun Alert also says:

- --- snip ---
Note 2: The Net-SNMP software was not bundled with Solaris prior to
Solaris 10. However, customers who have built and/or installed a
vulnerable version of Net-SNMP on any version of Solaris are at risk.
See the Net-SNMP web site to download the latest version of Net-SNMP
which addresses these issues.
- --- snap ---

Bottom line: The original CVE-2005-2177 has been fixed in the Debian
Net-SNMP packages and CVE-2006-5941 doesn't even apply.


Thomas Anders (thomas.anders at blue-cable.de)

More information about the Pkg-net-snmp-devel mailing list