| Description: | Summary:
The remote host is missing an update for the Debian 'net-snmp' package(s) announced via the DSA-1663-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0960
Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets.
CVE-2008-2292
John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
CVE-2008-4309
It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
For the stable distribution (etch), these problems has been fixed in version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid) these problems have been fixed in version 5.4.1~
dfsg-11.
We recommend that you upgrade your net-snmp package.
Affected Software/OS:
'net-snmp' package(s) on Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
