Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-685-1.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : net-snmp vulnerabilities (USN-685-1)

2009-04-2300:00:00
Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user’s views without a valid authentication passphrase. (CVE-2008-0960)

John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292)

It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. (CVE-2008-4309).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-685-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(38099);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2008-0960", "CVE-2008-2292", "CVE-2008-4309");
  script_bugtraq_id(29212, 29623, 32020);
  script_xref(name:"USN", value:"685-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : net-snmp vulnerabilities (USN-685-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Wes Hardaker discovered that the SNMP service did not correctly
validate HMAC authentication requests. An unauthenticated remote
attacker could send specially crafted SNMPv3 traffic with a valid
username and gain access to the user's views without a valid
authentication passphrase. (CVE-2008-0960)

John Kortink discovered that the Net-SNMP Perl module did not
correctly check the size of returned values. If a user or automated
system were tricked into querying a malicious SNMP server, the
application using the Perl module could be made to crash, leading to a
denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292)

It was discovered that the SNMP service did not correctly handle large
GETBULK requests. If an unauthenticated remote attacker sent a
specially crafted request, the SNMP service could be made to crash,
leading to a denial of service. (CVE-2008-4309).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/685-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20, 119, 287);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsnmp9-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:snmpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tkmib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.10|8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04 / 8.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libsnmp-base", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsnmp-perl", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsnmp9", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsnmp9-dev", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"snmp", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"snmpd", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"tkmib", pkgver:"5.2.1.2-4ubuntu2.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libsnmp-base", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libsnmp-dev", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libsnmp-perl", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libsnmp10", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"snmp", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"snmpd", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"tkmib", pkgver:"5.3.1-6ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsnmp-base", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsnmp-dev", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsnmp-perl", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsnmp-python", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsnmp15", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"snmp", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"snmpd", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"tkmib", pkgver:"5.4.1~dfsg-4ubuntu4.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsnmp-base", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsnmp-dev", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsnmp-perl", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsnmp-python", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsnmp15", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"snmp", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"snmpd", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"tkmib", pkgver:"5.4.1~dfsg-7.1ubuntu6.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsnmp-base / libsnmp-dev / libsnmp-perl / libsnmp-python / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibsnmp-basep-cpe:/a:canonical:ubuntu_linux:libsnmp-base
canonicalubuntu_linuxlibsnmp-devp-cpe:/a:canonical:ubuntu_linux:libsnmp-dev
canonicalubuntu_linuxlibsnmp15p-cpe:/a:canonical:ubuntu_linux:libsnmp15
canonicalubuntu_linuxlibsnmp9p-cpe:/a:canonical:ubuntu_linux:libsnmp9
canonicalubuntu_linuxlibsnmp9-devp-cpe:/a:canonical:ubuntu_linux:libsnmp9-dev
canonicalubuntu_linuxsnmpp-cpe:/a:canonical:ubuntu_linux:snmp
canonicalubuntu_linuxsnmpdp-cpe:/a:canonical:ubuntu_linux:snmpd
canonicalubuntu_linuxtkmibp-cpe:/a:canonical:ubuntu_linux:tkmib
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
canonicalubuntu_linux7.10cpe:/o:canonical:ubuntu_linux:7.10
Rows per page:
1-10 of 151

Related

openvas 77
debian 1
fedora 7
ubuntu 1
nessus 48
osv 1
securityvulns 6
cert 1
slackware 2
gentoo 2
oraclelinux 2
redhat 3
centos 3
checkpoint_advisories 2
prion 4
debiancve 4
seebug 6
veracode 3
exploitpack 2
cve 4
ubuntucve 4
freebsd 1
packetstorm 1
vmware 4
suse 1
checkpoint_security 1
f5 4
cisco 1
d2 1
exploitdb 2
openvas
openvas
Ubuntu Update for net-snmp vulnerabilities USN-685-1
2009-03-23 00:00:00
Fedora Update for net-snmp FEDORA-2008-9367
2009-02-17 00:00:00
Fedora Update for net-snmp FEDORA-2008-9367
2009-02-17 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:25
fedora
fedora
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-19.fc9
2008-11-06 04:05:51
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
2008-06-11 04:39:24
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
nessus
nessus
Solaris 10 (x86) : 120273-42 (deprecated)
2007-06-04 00:00:00
Solaris 10 (x86) : 120273-33
2018-03-12 00:00:00
Fedora 9 : net-snmp-5.4.1-19.fc9 (2008-9367)
2008-11-06 00:00:00
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
net-snmp multiple security vulnerabilities
2009-07-20 00:00:00
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008-06-10 00:00:00
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
[slackware-security] net-snmp
2008-11-16 07:01:28
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
Net-SNMP: Denial of service
2009-01-21 00:00:00
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
net-snmp security update
2008-11-03 00:00:00
redhat
redhat
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0971) Important: net-snmp security update
2008-11-03 00:00:00
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
centos
centos
net security update
2008-06-10 20:39:52
net security update
2008-11-03 19:25:11
ucd security update
2008-06-10 23:24:29
checkpoint_advisories
checkpoint_advisories
Update Protection against Net-SNMP Denial of Service
2009-02-06 00:00:00
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
prion
prion
Integer overflow
2008-10-31 20:29:00
Buffer overflow
2008-05-18 14:20:00
Authentication flaw
2008-06-10 18:32:00
debiancve
debiancve
CVE-2008-4309
2008-10-31 20:29:00
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
seebug
seebug
Net-SNMP GETBULK请求整数溢出拒绝服务漏洞
2008-11-05 00:00:00
Net-SNMP &lt;= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2008-11-13 00:00:00
Sun Solaris系统管理代理SNMP守护程序缓冲区溢出漏洞
2008-07-21 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:19
Denial Of Service (DoS)
2020-04-10 00:26:33
Authentication Bypass
2020-04-10 00:31:19
exploitpack
exploitpack
Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
cve
cve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-4309
2008-10-31 20:29:00
CVE-2008-0960
2008-06-10 18:32:00
ubuntucve
ubuntucve
CVE-2008-4309
2008-10-31 00:00:00
CVE-2008-2292
2008-05-18 00:00:00
CVE-2008-0960
2008-06-10 00:00:00
freebsd
freebsd
net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-10-12 00:00:00
packetstorm
packetstorm
netsnmp-overflow.txt
2008-11-12 00:00:00
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
VMSA-2010-0003.1 ESX Service Console update for net-snmp
2010-02-16 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
f5
f5
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
SOL9025 - FirePass SNMP DoS vulnerability
2008-07-31 00:00:00
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
exploitdb
exploitdb
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
JSON
Related for UBUNTU_USN-685-1.NASL
openvas77debian1fedora7ubuntu1nessus48osv1securityvulns6cert1slackware2gentoo2oraclelinux2redhat3centos3checkpoint_advisories2prion4debiancve4seebug6veracode3exploitpack2cve4ubuntucve4freebsd1packetstorm1vmware4suse1checkpoint_security1f54cisco1d21exploitdb2