Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://sourceforge.net/forum/forum.php?forum_id=882903 http://www.openwall.com/lists/oss-security/2008/10/31/1 http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
http://www.vuxml.org/freebsd/daf045d7-b211-11dd-a987-000c29ca8953.html
Insight
The following packages are affected:
net-snmp
net-snmp53
CVE-2008-4309
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Severity
Classification
-
CVE CVE-2008-4309 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities