CVE-2008-2292
Published: 18 May 2008
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
Notes
Author | Note |
---|---|
nxvl | Upstream patch for 5.4 branch: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch |
Priority
Status
Package | Release | Status |
---|---|---|
net-snmp Launchpad, Ubuntu, Debian |
dapper |
Released
(5.2.1.2-4ubuntu2.3)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(5.3.1-6ubuntu2.2)
|
|
hardy |
Released
(5.4.1~dfsg-4ubuntu4.2)
|
|
intrepid |
Not vulnerable
|
|
upstream |
Needs triage
|
|
Patches: debdiff: http://launchpad.net/bugs/241892 |