

Status Candidate


Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before, 5.3 before, and 5.2 before allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Related Files

Apple Security Advisory 2010-12-16
Posted Dec 17, 2010
Authored by Apple | Site apple.com

Apple Security Advisory 2010-12-16-1 - Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2008-4309, CVE-2009-2189, CVE-2010-0039, CVE-2009-1574, CVE-2010-1804
SHA-256 | 19e1b60ec22923c32fb00988fef5c6e725dba382d2956765668f49e98ef707a3

VMware Security Advisory 2010-0003
Posted Feb 16, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.

tags | advisory, remote
advisories | CVE-2009-1887, CVE-2008-4309
SHA-256 | be9eec1e0afa2608f6e5a930b35d6a797d067f76d7824fe15b60c52609c39c15

HP Security Bulletin HPSBMA02447 SSRT090062
Posted Aug 15, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, csrf
systems | linux
advisories | CVE-2009-2677, CVE-2009-0590, CVE-2009-1272, CVE-2008-5161, CVE-2008-4309, CVE-2008-1720
SHA-256 | 838d70db0ddc48f9b732052572867e594114992666fb9080bd42333261a17cf6

VMware Security Advisory 2009-0001
Posted Feb 1, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.

tags | advisory
advisories | CVE-2008-4914, CVE-2008-4309, CVE-2008-4226, CVE-2008-4225
SHA-256 | 0e7b91107741d71e6675c0f2c159e51f653f073c37b9efdcb9785268746062c4

Gentoo Linux Security Advisory 200901-15
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2008-4309
SHA-256 | df1dcc817a8effce7b67b98444e66e9d0d22d76918dfad9e2e83287e4208ecdc

Ubuntu Security Notice 685-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

tags | advisory, remote, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | 441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65

Debian Linux Security Advisory 1663-1
Posted Nov 9, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f

Mandriva Linux Security Advisory 2008-225
Posted Nov 6, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4309
SHA-256 | 5d5ddf1e815d688280805511b1ed85080241d0e46541246a93048045c7075c89
© 2022 Packet Storm. All rights reserved.