what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2008-4309

Status Candidate

Overview

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Related Files

Apple Security Advisory 2010-12-16
Posted Dec 17, 2010
Authored by Apple | Site apple.com

Apple Security Advisory 2010-12-16-1 - Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2008-4309, CVE-2009-2189, CVE-2010-0039, CVE-2009-1574, CVE-2010-1804
SHA-256 | 19e1b60ec22923c32fb00988fef5c6e725dba382d2956765668f49e98ef707a3
VMware Security Advisory 2010-0003
Posted Feb 16, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by- zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.

tags | advisory, remote
advisories | CVE-2009-1887, CVE-2008-4309
SHA-256 | be9eec1e0afa2608f6e5a930b35d6a797d067f76d7824fe15b60c52609c39c15
HP Security Bulletin HPSBMA02447 SSRT090062
Posted Aug 15, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, csrf
systems | linux
advisories | CVE-2009-2677, CVE-2009-0590, CVE-2009-1272, CVE-2008-5161, CVE-2008-4309, CVE-2008-1720
SHA-256 | 838d70db0ddc48f9b732052572867e594114992666fb9080bd42333261a17cf6
VMware Security Advisory 2009-0001
Posted Feb 1, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.

tags | advisory
advisories | CVE-2008-4914, CVE-2008-4309, CVE-2008-4226, CVE-2008-4225
SHA-256 | 0e7b91107741d71e6675c0f2c159e51f653f073c37b9efdcb9785268746062c4
Gentoo Linux Security Advisory 200901-15
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than 5.4.2.1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2008-4309
SHA-256 | df1dcc817a8effce7b67b98444e66e9d0d22d76918dfad9e2e83287e4208ecdc
Ubuntu Security Notice 685-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

tags | advisory, remote, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | 441f25adda0431138b869fe47b92dd9f38cbd70f4168c9c28f03b0901f514c65
Debian Linux Security Advisory 1663-1
Posted Nov 9, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
SHA-256 | a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f
Mandriva Linux Security Advisory 2008-225
Posted Nov 6, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4309
SHA-256 | 5d5ddf1e815d688280805511b1ed85080241d0e46541246a93048045c7075c89
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close