Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-685-1
HistoryDec 03, 2008 - 12:00 a.m.

Net-SNMP vulnerabilities

2008-12-0300:00:00
ubuntu.com
38

7.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 6.06

Packages

  • net-snmp -

Details

Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker
could send specially crafted SNMPv3 traffic with a valid username
and gain access to the user’s views without a valid authentication
passphrase. (CVE-2008-0960)

John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)

It was discovered that the SNMP service did not correctly handle large
GETBULK requests. If an unauthenticated remote attacker sent a specially
crafted request, the SNMP service could be made to crash, leading to a
denial of service. (CVE-2008-4309)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchlibsnmp15< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.10noarchlibsnmp-dev< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.10noarchlibsnmp-perl< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.10noarchlibsnmp-python< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.10noarchsnmp< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.10noarchsnmpd< 5.4.1~dfsg-7.1ubuntu6.1UNKNOWN
Ubuntu8.04noarchlibsnmp-perl< 5.4.1~dfsg-4ubuntu4.2UNKNOWN
Ubuntu8.04noarchlibsnmp-dev< 5.4.1~dfsg-4ubuntu4.2UNKNOWN
Ubuntu8.04noarchlibsnmp-python< 5.4.1~dfsg-4ubuntu4.2UNKNOWN
Ubuntu8.04noarchlibsnmp15< 5.4.1~dfsg-4ubuntu4.2UNKNOWN
Rows per page:
1-10 of 221

Related

openvas 77
debian 1
nessus 48
osv 1
securityvulns 6
fedora 7
cert 1
slackware 2
oraclelinux 2
redhat 3
centos 3
gentoo 2
checkpoint_advisories 2
prion 4
debiancve 4
veracode 3
ubuntucve 4
freebsd 1
seebug 6
suse 1
vmware 5
exploitpack 2
cve 4
packetstorm 1
d2 1
f5 4
cisco 1
checkpoint_security 1
exploitdb 2
openvas
openvas
Ubuntu Update for net-snmp vulnerabilities USN-685-1
2009-03-23 00:00:00
Debian Security Advisory DSA 1663-1 (net-snmp)
2008-11-19 00:00:00
Fedora Update for net-snmp FEDORA-2008-9362
2009-02-17 00:00:00
debian
debian
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-09 09:49:16
nessus
nessus
Fedora 8 : net-snmp-5.4.1-8.fc8 (2008-9362)
2008-11-06 00:00:00
Debian DSA-1663-1 : net-snmp - several vulnerabilities
2008-11-09 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : net-snmp vulnerabilities (USN-685-1)
2009-04-23 00:00:00
osv
osv
net-snmp - several vulnerabilities
2008-11-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities
2008-11-10 00:00:00
net-snmp multiple security vulnerabilities
2009-07-20 00:00:00
Multiple SNMPv3 authentication implementations bypass
2008-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-8.fc8
2008-11-06 04:05:02
[SECURITY] Fedora 9 Update: net-snmp-5.4.1-19.fc9
2008-11-06 04:05:51
[SECURITY] Fedora 8 Update: net-snmp-5.4.1-7.fc8
2008-06-11 04:39:34
cert
cert
SNMPv3 improper HMAC validation allows authentication bypass
2008-06-10 00:00:00
slackware
slackware
[slackware-security] net-snmp
2008-07-29 05:33:31
[slackware-security] net-snmp
2008-11-16 07:01:28
oraclelinux
oraclelinux
net-snmp security update
2008-06-10 00:00:00
net-snmp security update
2008-11-03 00:00:00
redhat
redhat
(RHSA-2008:0529) Moderate: net-snmp security update
2008-06-10 00:00:00
(RHSA-2008:0971) Important: net-snmp security update
2008-11-03 00:00:00
(RHSA-2008:0528) Moderate: ucd-snmp security update
2008-06-10 00:00:00
centos
centos
net security update
2008-06-10 20:39:52
net security update
2008-11-03 19:25:11
ucd security update
2008-06-10 23:24:29
gentoo
gentoo
Net-SNMP: Multiple vulnerabilities
2008-08-06 00:00:00
Net-SNMP: Denial of service
2009-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Net-SNMP Denial of Service
2009-02-06 00:00:00
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass (CVE-2008-0960)
2008-06-22 00:00:00
prion
prion
Integer overflow
2008-10-31 20:29:00
Buffer overflow
2008-05-18 14:20:00
Authentication flaw
2008-06-10 18:32:00
debiancve
debiancve
CVE-2008-4309
2008-10-31 20:29:00
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-0960
2008-06-10 18:32:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:26:33
Arbitrary Code Execution
2020-04-10 00:31:19
Authentication Bypass
2020-04-10 00:31:19
ubuntucve
ubuntucve
CVE-2008-4309
2008-10-31 00:00:00
CVE-2008-2292
2008-05-18 00:00:00
CVE-2008-0960
2008-06-10 00:00:00
freebsd
freebsd
net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-10-12 00:00:00
seebug
seebug
Net-SNMP GETBULK请求整数溢出拒绝服务漏洞
2008-11-05 00:00:00
Net-SNMP &lt;= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC
2008-11-13 00:00:00
Sun Solaris系统管理代理SNMP守护程序缓冲区溢出漏洞
2008-07-21 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
VMSA-2010-0003.1 ESX Service Console update for net-snmp
2010-02-16 00:00:00
exploitpack
exploitpack
Net-SNMP 5.1.45.2.45.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00
cve
cve
CVE-2008-2292
2008-05-18 14:20:00
CVE-2008-4309
2008-10-31 20:29:00
CVE-2008-0960
2008-06-10 18:32:00
packetstorm
packetstorm
netsnmp-overflow.txt
2008-11-12 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SNMPV3
2008-06-10 18:32:00
f5
f5
K9025 : FirePass SNMP DoS vulnerability
2013-03-18 00:00:00
K8939 : SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2013-03-19 00:00:00
SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
2008-07-15 00:00:00
cisco
cisco
SNMP Version 3 Authentication Vulnerabilities
2008-06-10 00:00:00
checkpoint_security
checkpoint_security
Check Point response to NET-SNMP vulnerability CVE-2008-0960
2008-06-04 21:00:00
exploitdb
exploitdb
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
2008-11-12 00:00:00
SNMPv3 - HMAC Validation error Remote Authentication Bypass
2008-06-12 00:00:00

7.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for USN-685-1
openvas77debian1nessus48osv1securityvulns6fedora7cert1slackware2oraclelinux2redhat3centos3gentoo2checkpoint_advisories2prion4debiancve4veracode3ubuntucve4freebsd1seebug6suse1vmware5exploitpack2cve4packetstorm1d21f54cisco1checkpoint_security1exploitdb2