[Pkg-net-snmp-devel] Bug#482333: net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function

Nico Golde nion at debian.org
Wed May 21 21:43:13 UTC 2008


Source: net-snmp
Version: 5.2.0-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.


CVE-2008-2292[0]:
| Buffer overflow in the __snprint_value function in snmp_get in
| Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows
| remote attackers to cause a denial of service (crash) and possibly
| execute arbitrary code via a large OCTETSTRING in an attribute value
| pair (AVP).

Patch for 5.4 branch:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
    http://security-tracker.debian.net/tracker/CVE-2008-2292

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.