Lucene search

RedhatCVE-2008-4309

HistoryOct 31, 2008 - 8:29 p.m.

CVE-2008-4309

2008-10-3120:29:09

CWE-20

redhat

web.nvd.nist.gov

cve-2008-4309

integer overflow

netsnmp

buffer overflow

denial of service

nvd

snmp

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.5

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Affected configurations

Nvd

Node

net-snmpnet-snmpMatch5.2.5

net-snmpnet-snmpMatch5.3.2.2

net-snmpnet-snmpMatch5.4

VendorProductVersionCPE
net-snmpnet-snmp5.2.5cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*
net-snmpnet-snmp5.3.2.2cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*
net-snmpnet-snmp5.4cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
net-snmp	net-snmp	5.2.5	cpe:2.3:a:net-snmp:net-snmp:5.2.5:::::::*
net-snmp	net-snmp	5.3.2.2	cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:::::::*
net-snmp	net-snmp	5.4	cpe:2.3:a:net-snmp:net-snmp:5.4:::::::*

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.apple.com/archives/security-announce/2010//Dec/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

marc.info/?l=bugtraq&m=125017764422557&w=2

net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272

secunia.com/advisories/32539

secunia.com/advisories/32560

secunia.com/advisories/32664

secunia.com/advisories/32711

secunia.com/advisories/33003

secunia.com/advisories/33095

secunia.com/advisories/33631

secunia.com/advisories/33746

secunia.com/advisories/33821

secunia.com/advisories/35074

secunia.com/advisories/35679

security.gentoo.org/glsa/glsa-200901-15.xml

sourceforge.net/forum/forum.php?forum_id=882903

sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1

support.apple.com/kb/HT3549

support.apple.com/kb/HT4298

support.avaya.com/elmodocs2/security/ASA-2008-467.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0315

www.debian.org/security/2008/dsa-1663

www.mandriva.com/security/advisories?name=MDVSA-2008:225

www.openwall.com/lists/oss-security/2008/10/31/1

www.redhat.com/support/errata/RHSA-2008-0971.html

www.securityfocus.com/archive/1/498280/100/0/threaded

www.securityfocus.com/bid/32020

www.securitytracker.com/id?1021129

www.ubuntu.com/usn/usn-685-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0001.html

www.vupen.com/english/advisories/2008/2973

www.vupen.com/english/advisories/2008/3400

www.vupen.com/english/advisories/2009/0301

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1771

exchange.xforce.ibmcloud.com/vulnerabilities/46262

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.5

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

CVE-2008-4309

Affected configurations

References

Related