Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2008-210-07
HistoryJul 29, 2008 - 5:33 a.m.

[slackware-security] net-snmp

2008-07-2905:33:31
Slackware Linux Project
www.slackware.com
14

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

New net-snmp packages are available for Slackware 12.0, 12.1, and -current to
fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2008-0960
https://vulners.com/cve/CVE-2008-2292

Here are the details from the Slackware 12.1 ChangeLog:

patches/packages/net-snmp-5.4.1.2-i486-1_slack12.1.tgz:
Upgraded to net-snmp-5.4.1.2.
A vulnerability was discovered where an attacked could spoof an authenticated
SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was
found that could be exploited if an application using the net-snmp perl
modules connects to a malicious server.
For more information, see:
https://vulners.com/cve/CVE-2008-0960
https://vulners.com/cve/CVE-2008-2292
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/net-snmp-5.4.1.2-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/net-snmp-5.4.1.2-i486-1_slack12.1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/net-snmp-5.4.1.2-i486-1.tgz

MD5 signatures:

Slackware 12.0 package:
e5c916d2bf7a865d48547b727fc21d26 net-snmp-5.4.1.2-i486-1_slack12.0.tgz

Slackware 12.1 package:
9e42a9a2aad1caffde814d4d5346b707 net-snmp-5.4.1.2-i486-1_slack12.1.tgz

Slackware -current package:
611ca8b6481ff2e9860f6ecff5e6367c net-snmp-5.4.1.2-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg net-snmp-5.4.1.2-i486-1_slack12.1.tgz

Related

openvas 54
nessus 35
cert 1
fedora 5
gentoo 1
oraclelinux 1
redhat 2
centos 2
ubuntu 1
debian 1
osv 1
securityvulns 5
suse 1
vmware 4
prion 2
veracode 2
exploitpack 2
seebug 5
cve 2
packetstorm 1
debiancve 2
ubuntucve 2
d2 1
checkpoint_advisories 1
f5 4
cisco 1
checkpoint_security 1
exploitdb 2
openvas
openvas
Gentoo Security Advisory GLSA 200808-02 (net-snmp)
2008-09-24 00:00:00
CentOS Update for net-snmp CESA-2008:0529 centos4 i386
2009-02-27 00:00:00
Fedora Update for net-snmp FEDORA-2008-5215
2009-02-17 00:00:00
nessus
nessus
RHEL 4 / 5 : net-snmp (RHSA-2008:0529)
2008-06-12 00:00:00
GLSA-200808-02 : Net-SNMP: Multiple vulnerabilities
2008-08-07 00:00:00
Fedora 8 : net-snmp-5.4.1-7.fc8 (2008-5218)
2008-06-12 00:00:00
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-18.fc9
2008-06-11 04:39:24
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
redhat
redhat
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
centos
centos
net security update
2008-06-10 20:39:52
ucd security update
2008-06-10 23:24:29
ubuntu
ubuntu
Net-SNMP vulnerabilities
2008-12-03 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
Multiple SNMPv3 authentication implementations bypass
2008-06-10 00:00:00
Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
prion
prion
Buffer overflow
2008-05-18 14:20:00
Authentication flaw
2008-06-10 18:32:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:19
Authentication Bypass
2020-04-10 00:31:19
exploitpack
exploitpack
Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
seebug
seebug
Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2008-11-13 00:00:00
Sun Solaris系统管理代理SNMP守护程序缓冲区溢出漏洞
2008-07-21 00:00:00
Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2014-07-01 00:00:00
cve
cve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
packetstorm
packetstorm
netsnmp-overflow.txt
2008-11-12 00:00:00
debiancve
debiancve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
ubuntucve
ubuntucve
CVE-2008-2292
2008-05-18 00:00:00
CVE-2008-0960
2008-06-10 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
checkpoint_advisories
checkpoint_advisories
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
f5
f5
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-19 00:00:00
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
exploitdb
exploitdb
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for SSA-2008-210-07
openvas54nessus35cert1fedora5gentoo1oraclelinux1redhat2centos2ubuntu1debian1osv1securityvulns5suse1vmware4prion2veracode2exploitpack2seebug5cve2packetstorm1debiancve2ubuntucve2d21checkpoint_advisories1f54cisco1checkpoint_security1exploitdb2