- rc scripts added (names suggested by Nigel Taylor, I was having
a hard time coming up with something nice that avoid a conflict with
base snmpd now the rc.d namespace is shared).
A bug in the getbulk handling code could let anyone with even minimal
access crash the agent.
(straight out of malloc(3) "be careful to avoid...")
ok rui@ (maintainer)
A vulnerability has been reported in Net-SNMP, which can be exploited
by malicious people to spoof authenticated SNMPv3 packets.
The authentication code reads the length to be checked from sender
input, this allows the sender to supply single byte HMAC code and
have a 1 in 256 chance of matching the correct HMAC and authenticating,
as only the first byte will be checked. The sender would need to
know a valid username.
ok rui (maintainer)
