FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4309

This CVE name corresponds to:

Entered: 2008-11-14
Topic: net-snmp -- DoS for SNMP agent via crafted GETBULK request

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project.

Details

Type: Candidate
Name: CVE-2008-4309
Phase: Assigned (20080929)

Description

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

References

Source Reference
BUGTRAQ 20081112 rPSA-2008-0315-1 net-snmp net-snmp-client net-snmp-server net-snmp-utils
MISC http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=882903
MLIST [oss-security] 20081031 New net-snmp DoS
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0001.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
CONFIRM http://support.apple.com/kb/HT3549
CONFIRM http://support.apple.com/kb/HT4298
APPLE APPLE-SA-2009-05-12
APPLE APPLE-SA-2010-12-16-1
DEBIAN DSA-1663
GENTOO GLSA-200901-15
HP HPSBMA02447
HP SSRT090062
MANDRIVA MDVSA-2008:225
REDHAT RHSA-2008:0971
SUNALERT 262908
SUSE SUSE-SR:2009:003
UBUNTU USN-685-1
CERT TA09-133A
BID 32020
OVAL oval:org.mitre.oval:def:6171
OVAL oval:org.mitre.oval:def:6353
OVAL oval:org.mitre.oval:def:9860
SECTRACK 1021129
SECUNIA 32539
SECUNIA 33095
SECUNIA 33003
SECUNIA 33746
SECUNIA 35074
SECUNIA 35679
VUPEN ADV-2009-0301
VUPEN ADV-2008-3400
VUPEN ADV-2008-2973
SECUNIA 32711
SECUNIA 32664
SECUNIA 33631
SECUNIA 32560
SECUNIA 33821
VUPEN ADV-2009-1297
VUPEN ADV-2009-1771
XF netsnmp-netsnmpcreatesubtreecache-dos(46262)