Upstream information
Description
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libsnmp15-32bit-5.4.2.1-8.12.22.1 |
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA libsnmp15-32bit-5.4.2.1-8.2.1 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libsnmp15-32bit-5.4.2.1-8.12.6.1 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libsnmp15-32bit-5.4.2.1-8.12.16.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libsnmp15-32bit-5.4.2.1-8.12.22.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libsnmp15-32bit-5.4.2.1-8.12.22.1 |
SUSE Linux Enterprise Server 11-SECURITY |
| Patchnames: SUSE Linux Enterprise Server 11-SECURITY GA libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 |
SUSE Linux Micro 6.0 |
| Patchnames: SUSE Linux Micro 6.0 GA libsnmp40-5.9.3-2.21 |
SUSE Linux Micro 6.1 |
| Patchnames: SUSE Linux Micro 6.1 GA libsnmp40-5.9.3-slfo.1.1_1.2 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11082 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 06:33:44 2013CVE page last modified: Tue Dec 17 16:13:26 2024