CPANSA-Net-SNMP-2008-2292: Net-SNMP vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2008-05-18T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2008-05-18T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Vulnerabilities
CVE-2008-2292
Vulnerability DescriptionBuffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
| Weakness | CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Net-SNMP greater than or equal 5.1.4 and less than 6.0.0 |
|
Fixed
- Net-SNMP greater than or equal 6.0.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Net-SNMP-2008-2292 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2008/cpansa-net-snmp-2008-2292.json - http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694 external
http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694 - http://www.securityfocus.com/bid/29212 external
http://www.securityfocus.com/bid/29212 - http://secunia.com/advisories/30187 external
http://secunia.com/advisories/30187 - https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html external
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html - http://www.vmware.com/security/advisories/VMSA-2008-0013.html external
http://www.vmware.com/security/advisories/VMSA-2008-0013.html - http://secunia.com/advisories/31334 external
http://secunia.com/advisories/31334 - http://secunia.com/advisories/30647 external
http://secunia.com/advisories/30647 - http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html external
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html - https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html external
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html - http://secunia.com/advisories/31155 external
http://secunia.com/advisories/31155 - http://secunia.com/advisories/31351 external
http://secunia.com/advisories/31351 - http://security.gentoo.org/glsa/glsa-200808-02.xml external
http://security.gentoo.org/glsa/glsa-200808-02.xml - http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1 - http://www.mandriva.com/security/advisories?name=MDVSA-2008:118 external
http://www.mandriva.com/security/advisories?name=MDVSA-2008:118 - http://secunia.com/advisories/31467 external
http://secunia.com/advisories/31467 - https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html external
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html - http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm external
http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm - http://secunia.com/advisories/31568 external
http://secunia.com/advisories/31568 - http://www.debian.org/security/2008/dsa-1663 external
http://www.debian.org/security/2008/dsa-1663 - http://secunia.com/advisories/30615 external
http://secunia.com/advisories/30615 - http://www.redhat.com/support/errata/RHSA-2008-0529.html external
http://www.redhat.com/support/errata/RHSA-2008-0529.html - http://secunia.com/advisories/32664 external
http://secunia.com/advisories/32664 - http://www.ubuntu.com/usn/usn-685-1 external
http://www.ubuntu.com/usn/usn-685-1 - http://secunia.com/advisories/33003 external
http://secunia.com/advisories/33003 - http://www.vupen.com/english/advisories/2008/2361 external
http://www.vupen.com/english/advisories/2008/2361 - http://www.vupen.com/english/advisories/2008/2141/references external
http://www.vupen.com/english/advisories/2008/2141/references - http://www.vupen.com/english/advisories/2008/1528/references external
http://www.vupen.com/english/advisories/2008/1528/references - http://www.securitytracker.com/id?1020527 external
http://www.securitytracker.com/id?1020527 - https://exchange.xforce.ibmcloud.com/vulnerabilities/42430 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/42430 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261 - CVE-2008-2292 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2008-2292
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Sun May 18 00:00:00 2008 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/