Lucene search

[email protected]CVE-2008-2292

HistoryMay 18, 2008 - 2:20 p.m.

CVE-2008-2292

2008-05-1814:20:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-2292

buffer overflow

net-snmp

snmp

nvd

perl

denial of service

arbitrary code execution

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.238 Low

EPSS

Percentile

96.5%

JSON

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

CPENameOperatorVersion
net-snmp:net-snmpnet-snmpeq5.1.4
net-snmp:net-snmpnet-snmpeq5.2.4
net-snmp:net-snmpnet-snmpeq5.4.1

CPE	Name	Operator	Version
net-snmp:net-snmp	net-snmp	eq	5.1.4
net-snmp:net-snmp	net-snmp	eq	5.2.4
net-snmp:net-snmp	net-snmp	eq	5.4.1

References

lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html

secunia.com/advisories/30187

secunia.com/advisories/30615

secunia.com/advisories/30647

secunia.com/advisories/31155

secunia.com/advisories/31334

secunia.com/advisories/31351

secunia.com/advisories/31467

secunia.com/advisories/31568

secunia.com/advisories/32664

secunia.com/advisories/33003

security.gentoo.org/glsa/glsa-200808-02.xml

sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694

sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1

support.avaya.com/elmodocs2/security/ASA-2008-282.htm

www.debian.org/security/2008/dsa-1663

www.mandriva.com/security/advisories?name=MDVSA-2008:118

www.redhat.com/support/errata/RHSA-2008-0529.html

www.securityfocus.com/bid/29212

www.securitytracker.com/id?1020527

www.ubuntu.com/usn/usn-685-1

www.vmware.com/security/advisories/VMSA-2008-0013.html

www.vupen.com/english/advisories/2008/1528/references

www.vupen.com/english/advisories/2008/2141/references

www.vupen.com/english/advisories/2008/2361

exchange.xforce.ibmcloud.com/vulnerabilities/42430

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261

www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.238 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2008-2292

openvas48 prion1 exploitpack1 veracode1 seebug3 debiancve1 ubuntucve1 packetstorm1 exploitdb1 nessus24 cert1 slackware1 fedora5 oraclelinux1 redhat1 centos1 gentoo1 debian1 securityvulns2 ubuntu1 osv1 suse1 vmware2