Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-4309
Last Modified: 29 Oct 2012 11:17:03
Published: 31 Oct 2008 04:29:09
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4309

Summary

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Vulnerable Systems

Application

  • Net-snmp 5.2.5

  • Net-snmp 5.3.2.2

  • Net-snmp 5.4


References

CERT - TA09-133A

XF - netsnmp-netsnmpcreatesubtreecache-dos(46262)

VUPEN - ADV-2009-1771

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-0301

VUPEN - ADV-2008-3400

VUPEN - ADV-2008-2973

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0001.html

UBUNTU - USN-685-1

SECTRACK - 1021129

BID - 32020

BUGTRAQ - 20081112 rPSA-2008-0315-1 net-snmp net-snmp-client net-snmp-server net-snmp-utils

REDHAT - RHSA-2008:0971

MLIST - [oss-security] 20081031 New net-snmp DoS

DEBIAN - DSA-1663

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm

CONFIRM - http://support.apple.com/kb/HT4298

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 262908

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=882903

GENTOO - GLSA-200901-15

SECUNIA - 35679

SECUNIA - 35074

SECUNIA - 33821

SECUNIA - 33746

SECUNIA - 33631

SECUNIA - 33095

SECUNIA - 33003

SECUNIA - 32711

SECUNIA - 32664

SECUNIA - 32560

SECUNIA - 32539

MISC - http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272

HP - SSRT090062

SUSE - SUSE-SR:2009:003

APPLE - APPLE-SA-2010-12-16-1

APPLE - APPLE-SA-2009-05-12

MANDRIVA - MDVSA-2008:225

HP - HPSBMA02447

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Novell SUSE 2008:5807 net-snmp security update for SLE 10 i586


Last Updated: 27 May 2016 10:49:43