[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-4309Date: (C)2008-10-31   (M)2018-06-02


Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 5.0
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1021129
http://www.securityfocus.com/archive/1/archive/1/498280/100/0/threaded
SUNALERT-262908
BID-32020
SECUNIA-32539
SECUNIA-32560
SECUNIA-32664
SECUNIA-32711
SECUNIA-33003
SECUNIA-33095
SECUNIA-33631
SECUNIA-33746
SECUNIA-33821
SECUNIA-35074
SECUNIA-35679
ADV-2008-2973
ADV-2008-3400
ADV-2009-0301
ADV-2009-1297
ADV-2009-1771
APPLE-SA-2009-05-12
APPLE-SA-2010-12-16-1
DSA-1663
GLSA-200901-15
HPSBMA02447
IAVM:2009-B-0006
MDVSA-2008:225
RHSA-2008:0971
SSRT090062
SUSE-SR:2009:003
TA09-133A
USN-685-1
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
http://sourceforge.net/forum/forum.php?forum_id=882903
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT4298
http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
netsnmp-netsnmpcreatesubtreecache-dos(46262)

CPE    1
cpe:/a:net-snmp:net-snmp:5.4
CWE    1
CWE-20
OVAL    3
oval:org.mitre.oval:def:7025
oval:org.secpod.oval:def:101541
oval:org.secpod.oval:def:301402

© SecPod Technologies