Vulnerability Details : CVE-2008-4309
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Vulnerability category: Overflow, Input validation, Denial of service
Products affected by CVE-2008-4309
- cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4309
- EPSS score: 4.85% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-4309
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2008-4309
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4309
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171
- http://www.vupen.com/english/advisories/2009/1771
- http://www.redhat.com/support/errata/RHSA-2008-0971.html
  Support
- http://www.vupen.com/english/advisories/2009/1297
- http://support.apple.com/kb/HT4298
  About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 - Apple Support
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
  net-snmp download | SourceForge.net (Vendor Advisory)
- http://www.securitytracker.com/id?1021129
- http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
  ASA-2008-467 (RHSA-2008-0971)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46262
  Net-SNMP netsnmp_create_subtree_cache() denial of service CVE-2008-4309 Vulnerability Report
- http://www.vmware.com/security/advisories/VMSA-2009-0001.html
  Support Content Notification - Support Portal - Broadcom support portal
- http://www.securityfocus.com/archive/1/498280/100/0/threaded
- http://www.ubuntu.com/usn/usn-685-1
  USN-685-1: Net-SNMP vulnerabilities | Ubuntu security notices | Ubuntu
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353
- http://www.debian.org/security/2008/dsa-1663
- http://marc.info/?l=bugtraq&m=125017764422557&w=2
  '[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Si' - MARC
- http://sourceforge.net/forum/forum.php?forum_id=882903
- http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
  Apple - Lists.apple.com
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:003 - openSUSE Security Announce - openSUSE Mailing Lists
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
- http://security.gentoo.org/glsa/glsa-200901-15.xml
  Net-SNMP: Denial of service (GLSA 200901-15) — Gentoo security
- http://www.securityfocus.com/bid/32020
- http://www.vupen.com/english/advisories/2009/0301
- http://www.vupen.com/english/advisories/2008/3400
- http://support.apple.com/kb/HT3549
  About the security content of Security Update 2009-002 / Mac OS X v10.5.7 - Apple Support
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:225
  Mandriva
- http://www.openwall.com/lists/oss-security/2008/10/31/1
  oss-security - New net-snmp DoS
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
  Apple Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- http://www.vupen.com/english/advisories/2008/2973