Computer Security


net-snmp multiple security vulnerabilities
updated since 10.11.2008
Published: 20.07.2009
Source:
SecurityVulns ID: 9414
Type: remote
Threat Level: 6/10
Description: Buffer overflow in snmp_get, integer overflow in SNMP agent.
Affected: NETSNMP : Net-SNMP 5.1
 NETSNMP : Net-SNMP 5.2
 NETSNMP : Net-SNMP 5.4
CVE: CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.)
 CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.)
 CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).)
Original document: MANDRIVA, [ MDVSA-2009:156 ] net-snmp (20.07.2009)
 DEBIAN, [SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities (10.11.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod