[Forgot Password]
Login  Register Subscribe

23631

 
 

126173

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-4309

Date: (C)2008-10-31   (M)2017-11-18 


Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
SECTRACK-1021129
http://www.securityfocus.com/archive/1/archive/1/498280/100/0/threaded
SUNALERT-262908
BID-32020
SECUNIA-32539
SECUNIA-32560
SECUNIA-32664
SECUNIA-32711
SECUNIA-33003
SECUNIA-33095
SECUNIA-33631
SECUNIA-33746
SECUNIA-33821
SECUNIA-35074
SECUNIA-35679
ADV-2008-2973
ADV-2008-3400
ADV-2009-0301
ADV-2009-1297
ADV-2009-1771
APPLE-SA-2009-05-12
APPLE-SA-2010-12-16-1
DSA-1663
GLSA-200901-15
HPSBMA02447
IAVM:2009-B-0006
MDVSA-2008:225
RHSA-2008:0971
SSRT090062
SUSE-SR:2009:003
TA09-133A
USN-685-1
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
http://sourceforge.net/forum/forum.php?forum_id=882903
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT4298
http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
netsnmp-netsnmpcreatesubtreecache-dos(46262)

CPE    1
cpe:/a:net-snmp:net-snmp:5.4
CWE    1
CWE-20
OVAL    3
oval:org.secpod.oval:def:301402
oval:org.secpod.oval:def:101541
oval:org.mitre.oval:def:7025

© 2013 SecPod Technologies