exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2008-2292

Status Candidate

Overview

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Related Files

Ubuntu Security Notice 685-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

tags | advisory, remote, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | 441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65
Debian Linux Security Advisory 1663-1
Posted Nov 9, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f
VMware Security Advisory 2008-0013
Posted Aug 13, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.

tags | advisory, perl, vulnerability
advisories | CVE-2007-3108, CVE-2007-5135, CVE-2008-2292, CVE-2008-0960, CVE-2008-1927
SHA-256 | b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221
Gentoo Linux Security Advisory 200808-2
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-02 - Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Versions less than 5.4.1.1 are affected.

tags | advisory, overflow, perl
systems | linux, gentoo
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | e6d84d1323e43ba022aac84c3b0081e045f00b8ba2c02b9bb6b8aecdf785ce53
SUSE-SA-2008-039.txt
Posted Aug 1, 2008
Site suse.com

SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).

tags | advisory, local, protocol
systems | linux, suse
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | 51fa484aec92b65802091658bdf77bf9d1215aabe8811a2e23ba90cb8d51ba16
Mandriva Linux Security Advisory 2008-118
Posted Jun 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent.

tags | advisory, overflow, perl, spoof
systems | linux, mandriva
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | babeada070a56962e37934c5b40607987158dc8d74b1ca5546b1d998b792993c
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    2 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close