Lucene search
GoogleOSV:DSA-1663-1HistoryNov 09, 2008 - 12:00 a.m.
net-snmp - several vulnerabilities
2008-11-0900:00:00
Google
osv.dev
14
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Several vulnerabilities have been discovered in NET SNMP, a suite of
Simple Network Management Protocol applications. The Common
Vulnerabilities and Exposures project identifies the following problems:
- CVE-2008-0960
Wes Hardaker reported that the SNMPv3 HMAC verification relies on
the client to specify the HMAC length, which allows spoofing of
authenticated SNMPv3 packets. - CVE-2008-2292
John Kortink reported a buffer overflow in the __snprint_value
function in snmp_get causing a denial of service and potentially
allowing the execution of arbitrary code via a large OCTETSTRING
in an attribute value pair (AVP). - CVE-2008-4309
It was reported that an integer overflow in the
netsnmp_create_subtree_cache function in agent/snmp_agent.c allows
remote attackers to cause a denial of service attack via a crafted
SNMP GETBULK request.
For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.
We recommend that you upgrade your net-snmp package.
| CPE | Name | Operator | Version |
|---|---|---|---|
| net-snmp | eq | 5.2.3-7 | |
| net-snmp | eq | 5.2.3-7etch1 | |
| net-snmp | eq | 5.2.3-7etch2 | |
| net-snmp | eq | 5.2.3-7etch3 |
References
Related
openvas
openvas
Ubuntu Update for net-snmp vulnerabilities USN-685-1
2009-03-23 00:00:00
Fedora Update for net-snmp FEDORA-2008-9367
2009-02-17 00:00:00
Debian Security Advisory DSA 1663-1 (net-snmp)
2008-11-19 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
nessus
nessus
Fedora 8 : net-snmp-5.4.1-8.fc8 (2008-9362)
2008-11-06 00:00:00
Debian DSA-1663-1 : net-snmp - several vulnerabilities
2008-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-19.fc9
2008-11-06 04:05:51
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
net-snmp multiple security vulnerabilities
2009-07-20 00:00:00
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
[slackware-security] net-snmp
2008-11-16 07:01:28
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
net-snmp security update
2008-11-03 00:00:00
redhat
redhat
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0971) Important: net-snmp security update
2008-11-03 00:00:00
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
centos
centos
net security update
2008-06-10 20:39:52
net security update
2008-11-03 19:25:11
ucd security update
2008-06-10 23:24:29
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
Net-SNMP: Denial of service
2009-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Net-SNMP Denial of Service
2009-02-06 00:00:00
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
prion
prion
Integer overflow
2008-10-31 20:29:00
Buffer overflow
2008-05-18 14:20:00
Authentication flaw
2008-06-10 18:32:00
debiancve
debiancve
seebug
seebug
Net-SNMP GETBULK请求整数溢出拒绝服务漏洞
2008-11-05 00:00:00
Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2008-11-13 00:00:00
Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2014-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:26:33
Arbitrary Code Execution
2020-04-10 00:31:19
Authentication Bypass
2020-04-10 00:31:19
ubuntucve
ubuntucve
freebsd
freebsd
net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-10-12 00:00:00
exploitpack
exploitpack
Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
cve
cve
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
VMSA-2010-0003.1 ESX Service Console update for net-snmp
2010-02-16 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
packetstorm
packetstorm
netsnmp-overflow.txt
2008-11-12 00:00:00
f5
f5
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-19 00:00:00
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
exploitdb
exploitdb
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related for OSV:DSA-1663-1