Lucene search

PRIOn knowledge basePRION:CVE-2008-4309

HistoryOct 31, 2008 - 8:29 p.m.

Integer overflow

2008-10-3120:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.5%

JSON

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

CPENameOperatorVersion
net-snmpeq5.4
net-snmpeq5.3.2.2
net-snmpeq5.2.5

Name	Operator	Version
net-snmp	eq	5.4
net-snmp	eq	5.3.2.2
net-snmp	eq	5.2.5

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.apple.com/archives/security-announce/2010//Dec/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272

secunia.com/advisories/32539

secunia.com/advisories/32560

secunia.com/advisories/32664

secunia.com/advisories/32711

secunia.com/advisories/33003

secunia.com/advisories/33095

secunia.com/advisories/33631

secunia.com/advisories/33746

secunia.com/advisories/33821

secunia.com/advisories/35074

secunia.com/advisories/35679

security.gentoo.org/glsa/glsa-200901-15.xml

sourceforge.net/forum/forum.php?forum_id=882903

sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1

support.apple.com/kb/HT3549

support.apple.com/kb/HT4298

support.avaya.com/elmodocs2/security/ASA-2008-467.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0315

www.debian.org/security/2008/dsa-1663

www.mandriva.com/security/advisories?name=MDVSA-2008:225

www.openwall.com/lists/oss-security/2008/10/31/1

www.redhat.com/support/errata/RHSA-2008-0971.html

www.securityfocus.com/archive/1/498280/100/0/threaded

www.securityfocus.com/bid/32020

www.securitytracker.com/id?1021129

www.ubuntu.com/usn/usn-685-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0001.html

www.vupen.com/english/advisories/2008/2973

www.vupen.com/english/advisories/2008/3400

www.vupen.com/english/advisories/2009/0301

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1771

exchange.xforce.ibmcloud.com/vulnerabilities/46262

marc.info/?l=bugtraq&m=125017764422557&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.5%

JSON

Related for PRION:CVE-2008-4309