Executive Summary
Summary | |
---|---|
Title | New net-snmp packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1663 | First vendor Publication | 2008-11-09 |
Vendor | Debian | Last vendor Modification | 2008-11-09 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0960 Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. CVE-2008-2292 John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). CVE-2008-4309 It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request. For the stable distribution (etch), these problems has been fixed in version 5.2.3-7etch4. For the testing distribution (lenny) and unstable distribution (sid) these problems have been fixed in version 5.4.1~dfsg-11. We recommend that you upgrade your net-snmp package. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1663 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-287 | Improper Authentication |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10820 | |||
Oval ID: | oval:org.mitre.oval:def:10820 | ||
Title: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11261 | |||
Oval ID: | oval:org.mitre.oval:def:11261 | ||
Title: | Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | ||
Description: | Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2292 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17856 | |||
Oval ID: | oval:org.mitre.oval:def:17856 | ||
Title: | USN-685-1 -- net-snmp vulnerabilities | ||
Description: | Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-685-1 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | net-snmp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19948 | |||
Oval ID: | oval:org.mitre.oval:def:19948 | ||
Title: | DSA-1663-1 net-snmp - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1663-1 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | net-snmp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22168 | |||
Oval ID: | oval:org.mitre.oval:def:22168 | ||
Title: | ELSA-2008:0971: net-snmp security update (Important) | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0971-01 CVE-2008-4309 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | net-snmp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22388 | |||
Oval ID: | oval:org.mitre.oval:def:22388 | ||
Title: | ELSA-2008:0529: net-snmp security update (Moderate) | ||
Description: | Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0529-01 CVE-2008-2292 CVE-2008-0960 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | net-snmp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29197 | |||
Oval ID: | oval:org.mitre.oval:def:29197 | ||
Title: | RHSA-2008:0971 -- net-snmp security update (Important) | ||
Description: | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0971 CESA-2008:0971-CentOS 5 CESA-2008:0971-CentOS 3 CVE-2008-4309 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 | Product(s): | net-snmp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5785 | |||
Oval ID: | oval:org.mitre.oval:def:5785 | ||
Title: | Multiple Vendors Net-SNMPv3 Hash Message Authentication Code Design Error Vulnerability | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6171 | |||
Oval ID: | oval:org.mitre.oval:def:6171 | ||
Title: | Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6353 | |||
Oval ID: | oval:org.mitre.oval:def:6353 | ||
Title: | Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6414 | |||
Oval ID: | oval:org.mitre.oval:def:6414 | ||
Title: | Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7025 | |||
Oval ID: | oval:org.mitre.oval:def:7025 | ||
Title: | DSA-1663 net-snmp -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1663 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | net-snmp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9860 | |||
Oval ID: | oval:org.mitre.oval:def:9860 | ||
Title: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Application | 6 |
ExploitDB Exploits
id | Description |
---|---|
2008-11-12 | Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC |
2008-06-12 | SNMPv3 HMAC validation error Remote Authentication Bypass Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp1.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp.nasl |
2009-10-13 | Name : Solaris Update for SMA 120273-27 File : nvt/gb_solaris_120273_27.nasl |
2009-10-13 | Name : Solaris Update for SMA 120272-25 File : nvt/gb_solaris_120272_25.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5041460.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5031860.nasl |
2009-09-23 | Name : Solaris Update for SMA 120273-26 File : nvt/gb_solaris_120273_26.nasl |
2009-09-23 | Name : Solaris Update for SMA 120272-24 File : nvt/gb_solaris_120272_24.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp) File : nvt/mdksa_2009_156.nasl |
2009-06-03 | Name : Solaris Update for SMA 120273-25 File : nvt/gb_solaris_120273_25.nasl |
2009-06-03 | Name : Solaris Update for SMA 120272-23 File : nvt/gb_solaris_120272_23.nasl |
2009-04-09 | Name : Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp) File : nvt/gb_mandriva_MDVSA_2008_118.nasl |
2009-04-09 | Name : Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp) File : nvt/gb_mandriva_MDVSA_2008_225.nasl |
2009-03-23 | Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1 File : nvt/gb_ubuntu_USN_685_1.nasl |
2009-03-06 | Name : RedHat Update for ucd-snmp RHSA-2008:0528-01 File : nvt/gb_RHSA-2008_0528-01_ucd-snmp.nasl |
2009-03-06 | Name : RedHat Update for net-snmp RHSA-2008:0529-01 File : nvt/gb_RHSA-2008_0529-01_net-snmp.nasl |
2009-03-06 | Name : RedHat Update for net-snmp RHSA-2008:0971-01 File : nvt/gb_RHSA-2008_0971-01_net-snmp.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386 File : nvt/gb_CESA-2008_0528-01_ucd-snmp_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64 File : nvt/gb_CESA-2008_0971_net-snmp_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0971 centos3 i386 File : nvt/gb_CESA-2008_0971_net-snmp_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_i386.nasl |
2009-02-18 | Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp) File : nvt/fcore_2009_1769.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9367 File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9362 File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5224 File : nvt/gb_fedora_2008_5224_net-snmp_fc7.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5218 File : nvt/gb_fedora_2008_5218_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5215 File : nvt/gb_fedora_2008_5215_net-snmp_fc9.nasl |
2009-02-16 | Name : Fedora Update for net-snmp FEDORA-2008-10451 File : nvt/gb_fedora_2008_10451_net-snmp_fc10.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
2009-01-26 | Name : Gentoo Security Advisory GLSA 200901-15 (net-snmp) File : nvt/glsa_200901_15.nasl |
2009-01-23 | Name : SuSE Update for net-snmp SUSE-SA:2008:039 File : nvt/gb_suse_2008_039.nasl |
2008-11-19 | Name : FreeBSD Ports: net-snmp File : nvt/freebsd_net-snmp2.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1663-1 (net-snmp) File : nvt/deb_1663_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-02 (net-snmp) File : nvt/glsa_200808_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-320-02 net-snmp File : nvt/esoft_slk_ssa_2008_320_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-07 net-snmp File : nvt/esoft_slk_ssa_2008_210_07.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55248 | HP OpenView SNMP Emanate Master Agent HMAC Authentication SNMPv3 Authenticati... |
49524 | Net-SNMP getbulk Code Response / Repeat Saturation Remote DoS |
46669 | Apple Mac OS X HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46276 | Solaris snmpd(1M) HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46102 | Ingate Firewall/SIParator HMAC Authentication SNMPv3 Authentication Packet Sp... |
46088 | Juniper Multiple Appliances HMAC Authentication SNMPv3 Authentication Packet ... |
46086 | Cisco Multiple Products HMAC Authentication SNMPv3 Authentication Packet Spoo... |
46060 | UCD-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46059 | Net-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
45136 | Net-SNMP Perl Module perl/SNMP/SNMP.xs __snprint_value() Function Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-05 | IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0018295 |
2008-11-06 | IAVM : 2008-B-0078 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0017874 |
2008-06-19 | IAVM : 2008-T-0026 - SNMP Remote Authentication Bypass Vulnerability Severity : Category I - VMSKEY : V0016046 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Vendors SNMPv3 HMAC handling authentication bypass attempt RuleID : 17699 - Revision : 3 - Type : PROTOCOL-SNMP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8939.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-iosxr.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-nxos.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081103_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080610_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-12-17 | Name : The remote network device is affected by multiple remote vulnerabilities. File : airport_firmware_7_5_2.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3http.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39887.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39886.nasl - Type : ACT_GATHER_INFO |
2010-02-17 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12298.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12204.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The SNMP server running on this host is affected by an authentication bypass ... File : snmpv3_authentication_bypass.nasl - Type : ACT_ATTACK |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-080706.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-081121.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-118.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-225.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10451.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO |
2009-01-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-5807.nasl - Type : ACT_GATHER_INFO |
2009-01-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-15.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-5808.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-320-02.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_daf045d7b21111dda987000c29ca8953.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO |
2008-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-02.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-5418.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-5422.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-07.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5224.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5218.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5215.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0528.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 120273-42 File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 120272-40 File : solaris10_120272.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:58 |
|