
CVE-2008-4309

Date: (C)2008-10-31   (M)2024-01-19


Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1021129
http://www.securityfocus.com/archive/1/498280/100/0/threaded
SUNALERT-262908
BID-32020
SECUNIA-32539
SECUNIA-32560
SECUNIA-32664
SECUNIA-32711
SECUNIA-33003
SECUNIA-33095
SECUNIA-33631
SECUNIA-33746
SECUNIA-33821
SECUNIA-35074
SECUNIA-35679
ADV-2008-2973
ADV-2008-3400
ADV-2009-0301
ADV-2009-1297
ADV-2009-1771
APPLE-SA-2009-05-12
APPLE-SA-2010-12-16-1
DSA-1663
GLSA-200901-15
HPSBMA02447
MDVSA-2008:225
RHSA-2008:0971
SUSE-SR:2009:003
TA09-133A
USN-685-1
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
http://sourceforge.net/forum/forum.php?forum_id=882903
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT4298
http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
netsnmp-netsnmpcreatesubtreecache-dos(46262)
oval:org.mitre.oval:def:6171
oval:org.mitre.oval:def:6353
oval:org.mitre.oval:def:9860

CPE    1
cpe:/a:net-snmp:net-snmp:5.4
CWE    1
CWE-20
OVAL    3
oval:org.mitre.oval:def:7025
oval:org.secpod.oval:def:301402
oval:org.secpod.oval:def:101541

© SecPod Technologies