Novell Home

CVE-2008-4309

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2008-4309 at MITRE

Description

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 440950, 514709

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • net-snmp >= 5.1.3.1-0.24
  • net-snmp-devel >= 5.1.3.1-0.24
  • perl-SNMP >= 5.1.3.1-0.24
core9.s390x
core9.s390
sles9-nld.x86-64
sles9-oes.x86
sles9-nlpos.x86
core9.ia64
sles9-nld.x86
core9.x86-64
core9.ppc
core9.x86
YOU Patch Nr: 12298
SUSE Linux Enterprise SDK 10 SP2
  • net-snmp-devel >= 5.3.0.1-25.28
sle10-sp1-sdk.x86
sle10-sp2-sdk.x86-64
sles10.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sles10-sp2.x86
sle10-sp1-sdk.ppc
sles10.x86
sles10.s390x
sles10-sp2.s390x
sles10.ia64
sled10-sp2.x86-64
sle10-sp1-sdk.s390x
sles10-sp2.ia64
sled10-sp2.x86
sle10-sp2-sdk.s390x
sle10-sp2-sdk.ppc
sles10-sp2.ppc
sle10-sp1-sdk.x86-64
sle10-sp2-sdk.ia64
sles10.ppc
sles10-sp2.x86-64
sled10.x86-64
sled10.x86
ZYPP Patch Nr: 5807
SUSE Linux Enterprise SDK 10 SP2
  • net-snmp-devel >= 5.3.0.1-25.28
  • net-snmp-devel-64bit >= 5.3.0.1-25.28
sle10-sp1-sdk.x86
sle10-sp2-sdk.x86-64
sles10.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sles10-sp2.x86
sle10-sp1-sdk.ppc
sles10.x86
sles10.s390x
sles10-sp2.s390x
sles10.ia64
sled10-sp2.x86-64
sle10-sp1-sdk.s390x
sles10-sp2.ia64
sled10-sp2.x86
sle10-sp2-sdk.s390x
sle10-sp2-sdk.ppc
sles10-sp2.ppc
sle10-sp1-sdk.x86-64
sle10-sp2-sdk.ia64
sles10.ppc
sles10-sp2.x86-64
sled10.x86-64
sled10.x86
ZYPP Patch Nr: 5807
openSUSE 11.0
  • net-snmp-debuginfo >= 5.4.1-77.4
  • net-snmp-debugsource >= 5.4.1-77.4
openSUSE 11.0
  • libsnmp15 >= 5.4.1-77.4
  • net-snmp >= 5.4.1-77.4
  • net-snmp-32bit >= 5.4.1-77.4
  • net-snmp-64bit >= 5.4.1-77.4
  • net-snmp-devel >= 5.4.1-77.4
  • net-snmp-devel-64bit >= 5.4.1-77.4
  • perl-SNMP >= 5.4.1-77.4
  • snmp-mibs >= 5.4.1-77.4

© 2014 Novell