Your submission was sent successfully! Close

CVE-2008-2292

Published: 18 May 2008

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Notes

AuthorNote
nxvl
Upstream patch for 5.4 branch: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch
Priority

Low

Status

Package Release Status
net-snmp
Launchpad, Ubuntu, Debian
dapper
Released (5.2.1.2-4ubuntu2.3)
feisty Needed
(reached end-of-life)
gutsy
Released (5.3.1-6ubuntu2.2)
hardy
Released (5.4.1~dfsg-4ubuntu4.2)
intrepid Not vulnerable

upstream Needs triage

Patches:
debdiff: http://launchpad.net/bugs/241892