CVE-2012-2141 – net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
https://notcve.org/view.php?id=CVE-2012-2141
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
• http://rhn.redhat.com/errata/RHSA-2013-0124.html
• http://secunia.com/advisories/48938
• http://secunia.com/advisories/59974
• http://support.citrix.com/article/CTX139049
• http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
• http://www.openwall.com/lists/oss-security/2012/04/26/2
• http://www.openwall.com/lists/oss-security/2012/04/26/3
• http://www.securityfocus.com/bid/53255
• http://www.securityfocus.com/bid/53258
• http://www.securitytracker.com/id?1026984
• https:

CVE-2009-1887 – net-snmp: DoS (division by zero) via SNMP GetBulk requests
https://notcve.org/view.php?id=CVE-2009-1887
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:156
• http://www.redhat.com/support/errata/RHSA-2009-1124.html
• https://bugzilla.redhat.com/show_bug.cgi?id=506903
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8426
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9716
• https://access.redhat.com/security/cve/CVE-2009-1887
• CWE-369: Divide By Zero

CVE-2008-6123 – net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}
https://notcve.org/view.php?id=CVE-2008-6123
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
• http://bugs.gentoo.org/show_bug.cgi?id=250429
• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
• http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
• http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
• http://secunia.com/adviso
• CWE-863: Incorrect Authorization

CVE-2008-4309 – net-snmp: numresponses calculation integer overflow in snmp_agent.c
https://notcve.org/view.php?id=CVE-2008-4309
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
• http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
• http://marc.info/?l=bugtraq&m=125017764422557&w=2
• http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
• http://secunia.com/advisories/32539
• http://secunia.com/advisories/32560
• http
• CWE-20: Improper Input Validation
• CWE-190: Integer Overflow or Wraparound

CVE-2008-2292 – Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2292
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
• https://www.exploit-db.com/exploits/7100
• http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
• http://secunia.com/advisories/30187
• http://secunia.com/advisories/30615
• http://secunia.com/advisories/30647
• http://secunia.com/advisories/31155
• http://secunia.com/advisories/31334
• http://secunia.com/advisories/31351
• http://secunia.com/advisories/31467
• http://secunia.com/advisories/31568
• http://secunia.com/advisories/32664
• http://secunia.com/advisories/33003
• http
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer