Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2292

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2292
Last Modified 26 Nov 2012 10:46:38
Published 18 May 2008 10:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2292

Summary

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Vulnerable Systems

Application

  • Net-snmp 5.1.4

  • Net-snmp 5.2.4

  • Net-snmp 5.4.1


References

FEDORA - FEDORA-2008-5218

FEDORA - FEDORA-2008-5224

FEDORA - FEDORA-2008-5215

XF - netsnmp-snprintvalue-bo(42430)

VUPEN - ADV-2008-2361

VUPEN - ADV-2008-2141

VUPEN - ADV-2008-1528

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0013.html

UBUNTU - USN-685-1

BID - 29212

REDHAT - RHSA-2008:0529

MANDRIVA - MDVSA-2008:118

DEBIAN - DSA-1663

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm

SUNALERT - 239785

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694

GENTOO - GLSA-200808-02

SECUNIA - 33003

SECUNIA - 32664

SECUNIA - 31568

SECUNIA - 31467

SECUNIA - 31351

SECUNIA - 31334

SECUNIA - 31155

SECUNIA - 30647

SECUNIA - 30615

SECUNIA - 30187

SUSE - SUSE-SA:2008:039

SECTRACK - 1020527


Last Updated: 27 May 2016 10:47:22