Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0529
HistoryJun 10, 2008 - 8:39 p.m.

net security update

2008-06-1020:39:52
CentOS Project
lists.centos.org
49

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

CentOS Errata and Security Advisory CESA-2008:0529

The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A flaw was found in the way Net-SNMP checked an SNMPv3 packet’s Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet. (CVE-2008-0960)

A buffer overflow was found in the Perl bindings for Net-SNMP. This could
be exploited if an attacker could convince an application using the
Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)

All users of net-snmp should upgrade to these updated packages, which
contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077132.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077133.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077142.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077145.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077148.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077151.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077176.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077177.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077202.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077203.html

Affected packages:
net-snmp
net-snmp-devel
net-snmp-libs
net-snmp-perl
net-snmp-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0529

OSVersionArchitecturePackageVersionFilename
CentOS3i386net-snmp< 5.0.9-2.30E.24net-snmp-5.0.9-2.30E.24.i386.rpm
CentOS3i386net-snmp-devel< 5.0.9-2.30E.24net-snmp-devel-5.0.9-2.30E.24.i386.rpm
CentOS3i386net-snmp-libs< 5.0.9-2.30E.24net-snmp-libs-5.0.9-2.30E.24.i386.rpm
CentOS3i386net-snmp-perl< 5.0.9-2.30E.24net-snmp-perl-5.0.9-2.30E.24.i386.rpm
CentOS3i386net-snmp-utils< 5.0.9-2.30E.24net-snmp-utils-5.0.9-2.30E.24.i386.rpm
CentOS3x86_64net-snmp< 5.0.9-2.30E.24net-snmp-5.0.9-2.30E.24.x86_64.rpm
CentOS3x86_64net-snmp-devel< 5.0.9-2.30E.24net-snmp-devel-5.0.9-2.30E.24.x86_64.rpm
CentOS3i386net-snmp-libs< 5.0.9-2.30E.24net-snmp-libs-5.0.9-2.30E.24.i386.rpm
CentOS3x86_64net-snmp-libs< 5.0.9-2.30E.24net-snmp-libs-5.0.9-2.30E.24.x86_64.rpm
CentOS3x86_64net-snmp-perl< 5.0.9-2.30E.24net-snmp-perl-5.0.9-2.30E.24.x86_64.rpm
Rows per page:
1-10 of 641

Related

openvas 54
nessus 35
cert 1
slackware 1
oraclelinux 1
redhat 2
fedora 5
gentoo 1
debian 1
ubuntu 1
osv 1
securityvulns 5
prion 2
veracode 2
exploitpack 2
seebug 5
cve 2
vmware 4
suse 1
packetstorm 1
debiancve 2
ubuntucve 2
checkpoint_advisories 1
f5 4
cisco 1
checkpoint_security 1
centos 1
d2 1
exploitdb 2
openvas
openvas
Gentoo Security Advisory GLSA 200808-02 (net-snmp)
2008-09-24 00:00:00
CentOS Update for net-snmp CESA-2008:0529 centos4 i386
2009-02-27 00:00:00
Fedora Update for net-snmp FEDORA-2008-5215
2009-02-17 00:00:00
nessus
nessus
RHEL 4 / 5 : net-snmp (RHSA-2008:0529)
2008-06-12 00:00:00
GLSA-200808-02 : Net-SNMP: Multiple vulnerabilities
2008-08-07 00:00:00
Fedora 8 : net-snmp-5.4.1-7.fc8 (2008-5218)
2008-06-12 00:00:00
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
redhat
redhat
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
2008-06-11 04:39:24
[SECURITY] Fedora 7 Update: net-snmp-5.4-18.fc7
2008-06-11 04:39:52
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008-06-10 00:00:00
prion
prion
Buffer overflow
2008-05-18 14:20:00
Authentication flaw
2008-06-10 18:32:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:19
Authentication Bypass
2020-04-10 00:31:19
exploitpack
exploitpack
Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
seebug
seebug
Net-SNMP &lt;= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2008-11-13 00:00:00
Sun Solaris系统管理代理SNMP守护程序缓冲区溢出漏洞
2008-07-21 00:00:00
Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2014-07-01 00:00:00
cve
cve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
packetstorm
packetstorm
netsnmp-overflow.txt
2008-11-12 00:00:00
debiancve
debiancve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
ubuntucve
ubuntucve
CVE-2008-2292
2008-05-18 00:00:00
CVE-2008-0960
2008-06-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
f5
f5
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-19 00:00:00
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
centos
centos
ucd security update
2008-06-10 23:24:29
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
exploitdb
exploitdb
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for CESA-2008:0529
openvas54nessus35cert1slackware1oraclelinux1redhat2fedora5gentoo1debian1ubuntu1osv1securityvulns5prion2veracode2exploitpack2seebug5cve2vmware4suse1packetstorm1debiancve2ubuntucve2checkpoint_advisories1f54cisco1checkpoint_security1centos1d21exploitdb2