Executive Summary

Informations
Name CVE-2009-1887 First vendor Publication 2009-06-26
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-369 Divide By Zero

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8426
 
Oval ID: oval:org.mitre.oval:def:8426
Title: VMware net-snmp divide-by-zero vulnerability
Description: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1887
 Version: 2
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9716
 
Oval ID: oval:org.mitre.oval:def:9716
Title: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Description: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1887
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for net-snmp CESA-2009:1124 centos3 i386
File : nvt/gb_CESA-2009_1124_net-snmp_centos3_i386.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
File : nvt/mdksa_2009_156.nasl
2009-06-30 Name : RedHat Security Advisory RHSA-2009:1124
File : nvt/RHSA_2009_1124.nasl
2009-06-30 Name : CentOS Security Advisory CESA-2009:1124 (net-snmp)
File : nvt/ovcesa2009_1124.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56459 Net-SNMP snmpd agent/snmp_agent.c Crafted GETBULK Request Remote DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1124.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090625_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-02-17 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1124.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1124.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=506903
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:156
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2009-1124.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2023-11-07 21:47:42
  • Multiple Updates
2023-02-13 09:29:18
  • Multiple Updates
2022-02-04 12:07:23
  • Multiple Updates
2020-05-23 00:23:51
  • Multiple Updates
2017-09-29 09:24:15
  • Multiple Updates
2016-04-26 18:52:10
  • Multiple Updates
2014-02-17 10:50:17
  • Multiple Updates
2013-05-10 23:51:44
  • Multiple Updates