Vulnerabilities > CVE-2008-4309 - Improper Input Validation vulnerability in Net-Snmp 5.2.5/5.3.2.2/5.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1663.NASL description Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. - CVE-2008-2292 John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). - CVE-2008-4309 It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request. last seen 2020-06-01 modified 2020-06-02 plugin id 34720 published 2008-11-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34720 title Debian DSA-1663-1 : net-snmp - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1663. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(34720); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2008-0960", "CVE-2008-2292", "CVE-2008-4309"); script_bugtraq_id(29212, 29623, 32020); script_xref(name:"DSA", value:"1663"); script_name(english:"Debian DSA-1663-1 : net-snmp - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. - CVE-2008-2292 John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). - CVE-2008-4309 It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485945" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482333" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504150" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0960" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-2292" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-4309" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1663" ); script_set_attribute( attribute:"solution", value: "Upgrade the net-snmp package. For the stable distribution (etch), these problems has been fixed in version 5.2.3-7etch4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(20, 119, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libsnmp-base", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"libsnmp-perl", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"libsnmp9", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"libsnmp9-dev", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"snmp", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"snmpd", reference:"5.2.3-7etch4")) flag++; if (deb_check(release:"4.0", prefix:"tkmib", reference:"5.2.3-7etch4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2008-10451.NASL description - Mon Nov 3 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-1 - explicitly require the right version and release of net-snmp and net-snmp-libs - update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36774 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36774 title Fedora 10 : net-snmp-5.4.2.1-1.fc10 (2008-10451) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-10451. # include("compat.inc"); if (description) { script_id(36774); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2008-4309"); script_xref(name:"FEDORA", value:"2008-10451"); script_name(english:"Fedora 10 : net-snmp-5.4.2.1-1.fc10 (2008-10451)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Nov 3 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-1 - explicitly require the right version and release of net-snmp and net-snmp-libs - update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=469349" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016869.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?210cae4e" ); script_set_attribute( attribute:"solution", value:"Update the affected net-snmp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC10", reference:"net-snmp-5.4.2.1-1.fc10")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2008-320-02.NASL description New net-snmp packages are available for Slackware 12.0, 12.1, and -current to fix a denial of service issue. last seen 2020-06-01 modified 2020-06-02 plugin id 34783 published 2008-11-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34783 title Slackware 12.0 / 12.1 / current : net-snmp (SSA:2008-320-02) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2008-320-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(34783); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2008-4309"); script_xref(name:"SSA", value:"2008-320-02"); script_name(english:"Slackware 12.0 / 12.1 / current : net-snmp (SSA:2008-320-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New net-snmp packages are available for Slackware 12.0, 12.1, and -current to fix a denial of service issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.372460 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f80c58a1" ); script_set_attribute( attribute:"solution", value:"Update the affected net-snmp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"12.0", pkgname:"net-snmp", pkgver:"5.4.2.1", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"net-snmp", pkgver:"5.4.2.1", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"current", pkgname:"net-snmp", pkgver:"5.4.2.1", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2008-9362.NASL description - Mon Jun 23 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-8 - explicitly require the right version and release of net-snmp and net-snmp-libs (#451225) - fix CVE-2008-4309 - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-7 - fix various flaws (CVE-2008-2292 CVE-2008-0960) - Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-6 - fixing ipNetToMediaNetAddress to show IP address (#432780) - Thu Nov 15 2007 Jan Safranek <jsafranek at redhat.com> 5.4.1-5 - added procps to build dependencies (#380321) - fix crash on reading xen interfaces (#386611) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34703 published 2008-11-06 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34703 title Fedora 8 : net-snmp-5.4.1-8.fc8 (2008-9362) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-9362. # include("compat.inc"); if (description) { script_id(34703); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-4309"); script_bugtraq_id(32020); script_xref(name:"FEDORA", value:"2008-9362"); script_name(english:"Fedora 8 : net-snmp-5.4.1-8.fc8 (2008-9362)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Jun 23 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-8 - explicitly require the right version and release of net-snmp and net-snmp-libs (#451225) - fix CVE-2008-4309 - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-7 - fix various flaws (CVE-2008-2292 CVE-2008-0960) - Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-6 - fixing ipNetToMediaNetAddress to show IP address (#432780) - Thu Nov 15 2007 Jan Safranek <jsafranek at redhat.com> 5.4.1-5 - added procps to build dependencies (#380321) - fix crash on reading xen interfaces (#386611) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=469349" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/015888.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b8e81eea" ); script_set_attribute( attribute:"solution", value:"Update the affected net-snmp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:net-snmp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"net-snmp-5.4.1-8.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp"); }
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0017_NET-SNMP.NASL description The remote NewStart CGSL host, running version MAIN 5.04, has net-snmp packages installed that are affected by multiple vulnerabilities: - SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. (CVE-2008-0960) - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). (CVE-2008-2292) - Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. (CVE-2008-4309) - The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127171 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127171 title NewStart CGSL MAIN 5.04 : net-snmp Multiple Vulnerabilities (NS-SA-2019-0017) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DAF045D7B21111DDA987000C29CA8953.NASL description Wes Hardaker reports through sourceforge.net forum : SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents (bad bad bad; stop doing that!) or if you don last seen 2020-06-01 modified 2020-06-02 plugin id 34770 published 2008-11-14 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34770 title FreeBSD : net-snmp -- DoS for SNMP agent via crafted GETBULK request (daf045d7-b211-11dd-a987-000c29ca8953) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200901-15.NASL description The remote host is affected by the vulnerability described in GLSA-200901-15 (Net-SNMP: Denial of Service) Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Impact : A remote attacker could send a specially crafted request to crash the SNMP server. NOTE: The attacker needs to know the community string to exploit this vulnerability. Workaround : Restrict access to trusted entities only. last seen 2020-06-01 modified 2020-06-02 plugin id 35444 published 2009-01-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35444 title GLSA-200901-15 : Net-SNMP: Denial of Service NASL family Misc. NASL id AIRPORT_FIRMWARE_7_5_2.NASL description According to the firmware version collected via SNMP, the remote Apple Time Capsule / AirPort Base Station / AirPort Extreme Base Station is affected by multiple remote vulnerabilities. - An integer overflow exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 51342 published 2010-12-17 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51342 title Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1) NASL family SuSE Local Security Checks NASL id SUSE9_12298.NASL description Remote attackers could crash net-snmp via GETBULK-Request. (CVE-2008-4309) In addition the following non-security issues have been fixed : - typo in error message (bnc#439857) - make OIDs longer than 256 chars work (bnc#345914) - typo in the snmpd init script to really load all agents (bnc#415127) - logrotate config to restart the snmptrapd aswell (bnc#378069) last seen 2020-06-01 modified 2020-06-02 plugin id 41256 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41256 title SuSE9 Security Update : net-snmp (YOU Patch Number 12298) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-225.NASL description A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially crafted request which would cause snmpd to crash (CVE-2008-4309). Please note that for this to be successfully exploited, an attacker must have read access to the SNMP server. By default, the public community name grants read-only access, however it is recommended that the default community name be changed in production. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36859 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36859 title Mandriva Linux Security Advisory : net-snmp (MDVSA-2008:225) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0001.NASL description a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40387 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40387 title VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages NASL family SuSE Local Security Checks NASL id SUSE_NET-SNMP-5807.NASL description Remote attackers could crash net-snmp via GETBULK-Request. (CVE-2008-4309) In addition the following non-security issues have been fixed : - typo in error message. (bnc#439857) - fix duplicate registration warnings on startup. (bnc#326957) - container insert errors reproducable with shared ip setups. (bnc#396773) - typo in the snmpd init script to really load all agents. (bnc#415127) - logrotate config to restart the snmptrapd aswell. (bnc#378069) last seen 2020-06-01 modified 2020-06-02 plugin id 35460 published 2009-01-26 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35460 title SuSE 10 Security Update : net-snmp (ZYPP Patch Number 5807) NASL family Solaris Local Security Checks NASL id SOLARIS10_120272.NASL description SunOS 5.10: SMA patch. Date this patch was last updated by Sun : May/11/17 This plugin has been deprecated and either replaced with individual 120272 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25272 published 2007-05-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25272 title Solaris 10 (sparc) : 120272-40 (deprecated) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-685-1.NASL description Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user last seen 2020-06-01 modified 2020-06-02 plugin id 38099 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38099 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : net-snmp vulnerabilities (USN-685-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0971.NASL description From Red Hat Security Advisory 2008:0971 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially crafted request could cause the snmpd server to crash. (CVE-2008-4309) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name last seen 2020-06-01 modified 2020-06-02 plugin id 67761 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67761 title Oracle Linux 3 / 4 / 5 : net-snmp (ELSA-2008-0971) NASL family Scientific Linux Local Security Checks NASL id SL_20081103_NET_SNMP_ON_SL3_X.NASL description A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially crafted request could cause the snmpd server to crash. (CVE-2008-4309) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name last seen 2020-06-01 modified 2020-06-02 plugin id 60487 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60487 title Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0003.NASL description a. Service Console package net-snmp updated This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by- zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail. This vulnerability was introduced by an incorrect fix for CVE-2008-4309. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1887 to this issue. Note: After installing the previous patch for net-snmp (ESX350-200901409-SG), running the snmpbulkwalk command with the parameter -CnX results in no output, and the snmpd daemon stops. last seen 2020-06-01 modified 2020-06-02 plugin id 44642 published 2010-02-17 reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44642 title VMSA-2010-0003 : ESX Service Console update for net-snmp NASL family Solaris Local Security Checks NASL id SOLARIS10_120272-31.NASL description SunOS 5.10: SMA patch. Date this patch was last updated by Sun : Jun/30/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107359 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107359 title Solaris 10 (sparc) : 120272-31 NASL family Fedora Local Security Checks NASL id FEDORA_2009-1769.NASL description - Mon Feb 16 2009 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-3 - fix tcp_wrappers integration (CVE-2008-6123) - Mon Dec 1 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-2 - rebuild for fixed rpm (#473420) - Mon Nov 3 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-1 - explicitly require the right version and release of net-snmp and net-snmp-libs - update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36301 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36301 title Fedora 10 : net-snmp-5.4.2.1-3.fc10 (2009-1769) NASL family SuSE Local Security Checks NASL id SUSE_LIBSNMP15-5808.NASL description Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed : - typo in error message (bnc#439857) - fix duplicate registration warnings on startup (bnc#326957) - container insert errors reproducable with shared ip setups (bnc#396773) - typo in the snmpd init script to really load all agents (bnc#415127) - logrotate config to restart the snmptrapd aswell (bnc#378069) last seen 2020-06-01 modified 2020-06-02 plugin id 35027 published 2008-12-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35027 title openSUSE 10 Security Update : libsnmp15 (libsnmp15-5808) NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_7.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38744 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38744 title Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2008-9367.NASL description - Tue Jul 22 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-19 - fix perl SNMP::Session::set (#452131) - support interface names longer than 8 characters (#468045) - explicitly require the right version and release of net-snmp and net-snmp-libs - fix CVE-2008-4309 - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-18 - explicitly require lm_sensor > 3 for build (#442718) - fix various flaws (CVE-2008-2292 CVE-2008-0960) - Sat May 31 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-17 - fix sparc handling in /usr/bin/net-snmp-config - Thu May 29 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-16 - fix /usr/include/net-snmp-config.h for sparc - Sun May 25 2008 Dennis Gilmore <dennis at ausil.us> 5.4.1-15 - sparc multilib handling Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34704 published 2008-11-06 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34704 title Fedora 9 : net-snmp-5.4.1-19.fc9 (2008-9367) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120273.NASL description SunOS 5.10_x86: SMA patch. Date this patch was last updated by Sun : May/11/17 This plugin has been deprecated and either replaced with individual 120273 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25391 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25391 title Solaris 10 (x86) : 120273-42 (deprecated) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0971.NASL description Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially crafted request could cause the snmpd server to crash. (CVE-2008-4309) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name last seen 2020-06-01 modified 2020-06-02 plugin id 37176 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37176 title CentOS 3 / 4 / 5 : net-snmp (CESA-2008:0971) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120273-33.NASL description SunOS 5.10_x86: SMA patch. Date this patch was last updated by Sun : Jun/29/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107861 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107861 title Solaris 10 (x86) : 120273-33 NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-002.NASL description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38743 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38743 title Mac OS X Multiple Vulnerabilities (Security Update 2009-002) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBSNMP15-081121.NASL description Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed : - typo in error message (bnc#439857) - fix duplicate registration warnings on startup (bnc#326957) - container insert errors reproducable with shared ip setups (bnc#396773) - typo in the snmpd init script to really load all agents (bnc#415127) - logrotate config to restart the snmptrapd aswell (bnc#378069) last seen 2020-06-01 modified 2020-06-02 plugin id 40046 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40046 title openSUSE Security Update : libsnmp15 (libsnmp15-319) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0971.NASL description Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially crafted request could cause the snmpd server to crash. (CVE-2008-4309) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name last seen 2020-06-01 modified 2020-06-02 plugin id 34691 published 2008-11-04 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34691 title RHEL 3 / 4 / 5 : net-snmp (RHSA-2008:0971)
Oval
accepted 2010-05-17T04:00:11.751-04:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard name Michael Wood organization Hewlett-Packard name J. Daniel Brown organization DTCC
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMWare ESX Server 3.0.2 is installed oval oval:org.mitre.oval:def:5613 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887
description Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. family unix id oval:org.mitre.oval:def:6171 status accepted submitted 2009-09-23T15:39:02.000-04:00 title Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service version 5 accepted 2009-10-19T04:00:16.342-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard definition_extensions comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. family unix id oval:org.mitre.oval:def:6353 status accepted submitted 2009-09-10T11:34:43.000-04:00 title Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition version 35 accepted 2013-04-29T04:22:50.422-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. family unix id oval:org.mitre.oval:def:9860 status accepted submitted 2010-07-09T03:56:16-04:00 title Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. version 27
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | CVE(CAN) ID: CVE-2008-4309 Net-SNMP是一个免费的、开放源码的SNMP实现,以前称为UCD-SNMP。 Net-SNMP的实现上存在漏洞,远程攻击者可能利用此漏洞导致服务器拒绝服务。问题存在于agent/snmp_agent.c文件的netsnmp_create_subtree_cache()函数中,精心构造的畸形的SNMP GETBULK请求会导致函数发生整数溢出,在后续的处理中导致服务进程崩溃。 0 Net-SNMP net-snmp 5.4.x < 5.4.2.1 Net-SNMP net-snmp 5.3.x < 5.3.2.3 Net-SNMP net-snmp 5.2.x < 5.2.5.1 Net-SNMP -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://sourceforge.net/projects/net-snmp/ target=_blank>http://sourceforge.net/projects/net-snmp/</a> |
id | SSV:4402 |
last seen | 2017-11-19 |
modified | 2008-11-05 |
published | 2008-11-05 |
reporter | Root |
title | Net-SNMP GETBULK请求整数溢出拒绝服务漏洞 |
References
- http://www.openwall.com/lists/oss-security/2008/10/31/1
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
- http://sourceforge.net/forum/forum.php?forum_id=882903
- http://www.securityfocus.com/bid/32020
- http://www.debian.org/security/2008/dsa-1663
- http://secunia.com/advisories/32711
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
- http://secunia.com/advisories/32664
- http://secunia.com/advisories/33631
- http://security.gentoo.org/glsa/glsa-200901-15.xml
- http://www.vmware.com/security/advisories/VMSA-2009-0001.html
- http://www.redhat.com/support/errata/RHSA-2008-0971.html
- http://secunia.com/advisories/32560
- http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://secunia.com/advisories/33821
- http://secunia.com/advisories/32539
- http://www.securitytracker.com/id?1021129
- http://secunia.com/advisories/33095
- http://secunia.com/advisories/33003
- http://www.ubuntu.com/usn/usn-685-1
- http://secunia.com/advisories/33746
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- http://support.apple.com/kb/HT3549
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1
- http://secunia.com/advisories/35679
- http://www.vupen.com/english/advisories/2009/1771
- http://marc.info/?l=bugtraq&m=125017764422557&w=2
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
- http://support.apple.com/kb/HT4298
- http://www.vupen.com/english/advisories/2009/0301
- http://www.vupen.com/english/advisories/2008/3400
- http://www.vupen.com/english/advisories/2008/2973
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171
- http://www.securityfocus.com/archive/1/498280/100/0/threaded