Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:1361412562310830657
HistoryApr 09, 2009 - 12:00 a.m.

Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)

2009-04-0900:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
12

EPSS

0.049

Percentile

92.8%

JSON

Check for the Version of net-snmp

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A denial of service vulnerability was discovered in how Net-SNMP
  processed GETBULK requests.  A remote attacker with read access to
  the SNMP server could issue a specially-crafted request which would
  cause snmpd to crash (CVE-2008-4309).

  Please note that for this to be successfully exploited, an attacker
  must have read access to the SNMP server.  By default, the public
  community name grants read-only access, however it is recommended
  that the default community name be changed in production.
  
  The updated packages have been patched to correct this issue.";

tag_affected = "net-snmp on Mandriva Linux 2008.0,
  Mandriva Linux 2008.0/X86_64,
  Mandriva Linux 2008.1,
  Mandriva Linux 2008.1/X86_64,
  Mandriva Linux 2009.0,
  Mandriva Linux 2009.0/X86_64";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2008-11/msg00001.php");
  script_oid("1.3.6.1.4.1.25623.1.0.830657");
  script_version("$Revision: 9370 $");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
  script_tag(name:"creation_date", value:"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name: "MDVSA", value: "2008:225");
  script_cve_id("CVE-2008-4309");
  script_name( "Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)");

  script_tag(name:"summary", value:"Check for the Version of net-snmp");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2008.0")
{

  if ((res = isrpmvuln(pkg:"libnet-snmp15", rpm:"libnet-snmp15~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-devel", rpm:"libnet-snmp-devel~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-static-devel", rpm:"libnet-snmp-static-devel~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp", rpm:"net-snmp~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-mibs", rpm:"net-snmp-mibs~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-trapd", rpm:"net-snmp-trapd~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-utils", rpm:"net-snmp-utils~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perl-NetSNMP", rpm:"perl-NetSNMP~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp15", rpm:"lib64net-snmp15~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-devel", rpm:"lib64net-snmp-devel~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-static-devel", rpm:"lib64net-snmp-static-devel~5.4.1~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2008.1")
{

  if ((res = isrpmvuln(pkg:"libnet-snmp15", rpm:"libnet-snmp15~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-devel", rpm:"libnet-snmp-devel~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-static-devel", rpm:"libnet-snmp-static-devel~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp", rpm:"net-snmp~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-mibs", rpm:"net-snmp-mibs~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-tkmib", rpm:"net-snmp-tkmib~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-trapd", rpm:"net-snmp-trapd~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-utils", rpm:"net-snmp-utils~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perl-NetSNMP", rpm:"perl-NetSNMP~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp15", rpm:"lib64net-snmp15~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-devel", rpm:"lib64net-snmp-devel~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-static-devel", rpm:"lib64net-snmp-static-devel~5.4.1~5.2mdv2008.1", rls:"MNDK_2008.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2009.0")
{

  if ((res = isrpmvuln(pkg:"libnet-snmp15", rpm:"libnet-snmp15~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-devel", rpm:"libnet-snmp-devel~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libnet-snmp-static-devel", rpm:"libnet-snmp-static-devel~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp", rpm:"net-snmp~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-mibs", rpm:"net-snmp-mibs~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-tkmib", rpm:"net-snmp-tkmib~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-trapd", rpm:"net-snmp-trapd~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"net-snmp-utils", rpm:"net-snmp-utils~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perl-NetSNMP", rpm:"perl-NetSNMP~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp15", rpm:"lib64net-snmp15~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-devel", rpm:"lib64net-snmp-devel~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64net-snmp-static-devel", rpm:"lib64net-snmp-static-devel~5.4.2~2.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

freebsd 1
nessus 29
gentoo 1
openvas 36
ubuntucve 2
veracode 1
redhat 1
cve 2
nvd 2
centos 1
slackware 1
oraclelinux 1
seebug 1
cvelist 2
checkpoint_advisories 1
prion 2
fedora 4
debiancve 2
vmware 3
securityvulns 5
osv 1
ubuntu 1
debian 1
freebsd
freebsd
net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-10-12 00:00:00
nessus
nessus
Slackware 12.0 / 12.1 / current : net-snmp (SSA:2008-320-02)
2008-11-17 00:00:00
Mandriva Linux Security Advisory : net-snmp (MDVSA-2008:225)
2009-04-23 00:00:00
openSUSE 10 Security Update : libsnmp15 (libsnmp15-5808)
2008-12-03 00:00:00
gentoo
gentoo
Net-SNMP: Denial of service
2009-01-21 00:00:00
openvas
openvas
CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64
2009-02-27 00:00:00
CentOS Update for net-snmp CESA-2008:0971 centos3 i386
2009-02-27 00:00:00
Oracle: Security Advisory (ELSA-2008-0971)
2015-10-08 00:00:00
ubuntucve
ubuntucve
CVE-2008-4309
2008-10-31 00:00:00
CVE-2009-1887
2009-06-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:26:33
redhat
redhat
(RHSA-2008:0971) Important: net-snmp security update
2008-11-03 00:00:00
cve
cve
CVE-2008-4309
2008-10-31 20:29:09
CVE-2009-1887
2009-06-26 18:30:00
nvd
nvd
CVE-2008-4309
2008-10-31 20:29:09
CVE-2009-1887
2009-06-26 18:30:00
centos
centos
net security update
2008-11-03 19:25:11
slackware
slackware
[slackware-security] net-snmp
2008-11-16 07:01:28
oraclelinux
oraclelinux
net-snmp security update
2008-11-03 00:00:00
seebug
seebug
Net-SNMP GETBULKθ―·ζ±‚ζ•΄ζ•°ζΊ’ε‡Ίζ‹’η»ζœεŠ‘ζΌζ΄ž
2008-11-05 00:00:00
cvelist
cvelist
CVE-2008-4309
2008-10-31 20:00:00
CVE-2009-1887
2009-06-26 18:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Net-SNMP Denial of Service
2009-02-06 00:00:00
prion
prion
Integer overflow
2008-10-31 20:29:00
Code injection
2009-06-26 18:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: net-snmp-5.4.2.1-1.fc10
2008-11-27 02:10:26
[SECURITY] Fedora 10 Update: net-snmp-5.4.2.1-3.fc10
2009-02-17 15:39:27
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
debiancve
debiancve
CVE-2008-4309
2008-10-31 20:29:09
CVE-2009-1887
2009-06-26 18:30:00
vmware
vmware
VMSA-2010-0003.1 ESX Service Console update for net-snmp
2010-02-16 00:00:00
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:156 ] net-snmp
2009-07-20 00:00:00
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
net-snmp multiple security vulnerabilities
2009-07-20 00:00:00
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16

EPSS

0.049

Percentile

92.8%

JSON
Related for OPENVAS:1361412562310830657
freebsd1nessus29gentoo1openvas36ubuntucve2veracode1redhat1cve2nvd2centos1slackware1oraclelinux1seebug1cvelist2checkpoint_advisories1prion2fedora4debiancve2vmware3securityvulns5osv1ubuntu1debian1