what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2008-2292

Status Candidate

Overview

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Related Files

Ubuntu Security Notice 685-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

tags | advisory, remote, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | 441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65
Debian Linux Security Advisory 1663-1
Posted Nov 9, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f
VMware Security Advisory 2008-0013
Posted Aug 13, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.

tags | advisory, perl, vulnerability
advisories | CVE-2007-3108, CVE-2007-5135, CVE-2008-2292, CVE-2008-0960, CVE-2008-1927
SHA-256 | b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221
Gentoo Linux Security Advisory 200808-2
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-02 - Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Versions less than 5.4.1.1 are affected.

tags | advisory, overflow, perl
systems | linux, gentoo
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | e6d84d1323e43ba022aac84c3b0081e045f00b8ba2c02b9bb6b8aecdf785ce53
SUSE-SA-2008-039.txt
Posted Aug 1, 2008
Site suse.com

SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).

tags | advisory, local, protocol
systems | linux, suse
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | 51fa484aec92b65802091658bdf77bf9d1215aabe8811a2e23ba90cb8d51ba16
Mandriva Linux Security Advisory 2008-118
Posted Jun 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent.

tags | advisory, overflow, perl, spoof
systems | linux, mandriva
advisories | CVE-2008-0960, CVE-2008-2292
SHA-256 | babeada070a56962e37934c5b40607987158dc8d74b1ca5546b1d998b792993c
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close