Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-4309

Published: 31/10/2008 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Net-snmp

Vulnerability Summary

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 prior to 5.4.2.1, 5.3 prior to 5.3.2.3, and 5.2 prior to 5.2.5.1 allows remote malicious users to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Vulnerable Product Search on Vulmon Subscribe to Product

net-snmp net-snmp 5.4

net-snmp net-snmp 5.3.2.2

net-snmp net-snmp 5.2.5

Vendor Advisories

Red Hat: Important: net-snmp security update
Synopsis Important: net-snmp security update Type/Severity Security Advisory: Important Topic Updated net-snmp packages that fix a security issue are now available forRed Hat Enterprise Linux 3, 4, and 5This update has been rated as having important security impact by the RedHat Security Response Team ...
Debian CVElist Bug Report Logs: CVE-2008-6123: Access restriction bypass
Debian Bug report logs - #516801 CVE-2008-6123: Access restriction bypass Package: net-snmp; Maintainer for net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 23 Feb 2009 18:45:01 UTC Severity: grave Tags: security Fixed in ve ...
Debian CVElist Bug Report Logs: snmpd: DoS in getbulk handling code in net-snmp
Debian Bug report logs - #504150 snmpd: DoS in getbulk handling code in net-snmp Package: snmpd; Maintainer for snmpd is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Source for snmpd is src:net-snmp (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Sat, 1 ...
Ubuntu Security Notice: net-snmp vulnerabilities
Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user’s views without a valid authentication passphrase (CVE-2008-0960) ...
Debian Security Advisories: DSA-1663-1 net-snmp -- several vulnerabilities
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofin ...

References

CWE-20http://www.openwall.com/lists/oss-security/2008/10/31/1http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272http://sourceforge.net/forum/forum.php?forum_id=882903http://www.securityfocus.com/bid/32020http://www.debian.org/security/2008/dsa-1663http://secunia.com/advisories/32711http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315http://secunia.com/advisories/32664http://secunia.com/advisories/33631http://security.gentoo.org/glsa/glsa-200901-15.xmlhttp://www.vmware.com/security/advisories/VMSA-2009-0001.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0971.htmlhttp://secunia.com/advisories/32560http://support.avaya.com/elmodocs2/security/ASA-2008-467.htmhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlhttp://secunia.com/advisories/33821http://secunia.com/advisories/32539http://www.securitytracker.com/id?1021129http://secunia.com/advisories/33095http://secunia.com/advisories/33003http://www.ubuntu.com/usn/usn-685-1http://secunia.com/advisories/33746http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlhttp://www.vupen.com/english/advisories/2009/1297http://support.apple.com/kb/HT3549http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://secunia.com/advisories/35074http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1http://secunia.com/advisories/35679http://www.vupen.com/english/advisories/2009/1771http://marc.info/?l=bugtraq&m=125017764422557&w=2http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlhttp://support.apple.com/kb/HT4298http://www.vupen.com/english/advisories/2009/0301http://www.vupen.com/english/advisories/2008/3400http://www.vupen.com/english/advisories/2008/2973http://www.mandriva.com/security/advisories?name=MDVSA-2008:225https://exchange.xforce.ibmcloud.com/vulnerabilities/46262https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171http://www.securityfocus.com/archive/1/498280/100/0/threadedhttps://access.redhat.com/errata/RHSA-2008:0971https://nvd.nist.govhttps://usn.ubuntu.com/685-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook