Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Sun Alert 262908 Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
Information
Name: SUN-262908
First vendor Publication: 2009-07-01
Vendor: Sun
Last vendor Modification: 2009-09-08
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Base Score: 5
Attack Range: Network
CVSS Impact Score: 2.9
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

Product: Solaris 10 Operating System, OpenSolaris

A heap-based buffer overflow security vulnerability in the System Management Agent (SMA) SNMP daemon (snmpd(1M)) that ships with Solaris may allow a local or remote unprivileged user to crash the snmpd daemon via a specially crafted SNMP GETBULK request. This is a type of Denial of Service (DoS).

The issue is as described in the following documents:


State: Resolved
First released: 08-Jul-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_262908_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:17856
Title: USN-685-1 -- net-snmp vulnerabilities
Description: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests.
Family: unix Class: patch
Reference(s): USN-685-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:19948
Title: DSA-1663-1 net-snmp - several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications.
Family: unix Class: patch
Reference(s): DSA-1663-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:22168
Title: ELSA-2008:0971: net-snmp security update (Important)
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: patch
Reference(s): ELSA-2008:0971-01
CVE-2008-4309
Version: 6
Platform(s): Oracle Linux 5
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:29197
Title: RHSA-2008:0971 -- net-snmp security update (Important)
Description: Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309)
Family: unix Class: patch
Reference(s): RHSA-2008:0971
CESA-2008:0971-CentOS 5
CESA-2008:0971-CentOS 3
CVE-2008-4309
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 3
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:6171
Title: Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6353
Title: Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 1
Platform(s): Sun Solaris 10
Product(s):
 
Oval ID: oval:org.mitre.oval:def:7025
Title: DSA-1663 net-snmp -- several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
Family: unix Class: patch
Reference(s): DSA-1663
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
 
Oval ID: oval:org.mitre.oval:def:8426
Title: VMware net-snmp divide-by-zero vulnerability
Description: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1887
Version: 2
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:9716
Title: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Description: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1887
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
 
Oval ID: oval:org.mitre.oval:def:9860
Title: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Application 4
Os 3
Os 1

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for net-snmp CESA-2009:1124 centos3 i386
File : nvt/gb_CESA-2009_1124_net-snmp_centos3_i386.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for net-snmp
File : nvt/sles10_net-snmp.nasl
2009-10-10 Name : SLES9: Security update for net-snmp
File : nvt/sles9p5041460.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
File : nvt/mdksa_2009_156.nasl
2009-06-30 Name : RedHat Security Advisory RHSA-2009:1124
File : nvt/RHSA_2009_1124.nasl
2009-06-30 Name : CentOS Security Advisory CESA-2009:1124 (net-snmp)
File : nvt/ovcesa2009_1124.nasl
2009-04-09 Name : Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)
File : nvt/gb_mandriva_MDVSA_2008_225.nasl
2009-03-23 Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1
File : nvt/gb_ubuntu_USN_685_1.nasl
2009-03-06 Name : RedHat Update for net-snmp RHSA-2008:0971-01
File : nvt/gb_RHSA-2008_0971-01_net-snmp.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 i386
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_i386.nasl
2009-02-18 Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp)
File : nvt/fcore_2009_1769.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9362
File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9367
File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl
2009-02-16 Name : Fedora Update for net-snmp FEDORA-2008-10451
File : nvt/gb_fedora_2008_10451_net-snmp_fc10.nasl
2009-02-02 Name : SuSE Security Summary SUSE-SR:2009:003
File : nvt/suse_sr_2009_003.nasl
2009-01-26 Name : Gentoo Security Advisory GLSA 200901-15 (net-snmp)
File : nvt/glsa_200901_15.nasl
2008-11-19 Name : FreeBSD Ports: net-snmp
File : nvt/freebsd_net-snmp2.nasl
2008-11-19 Name : Debian Security Advisory DSA 1663-1 (net-snmp)
File : nvt/deb_1663_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-320-02 net-snmp
File : nvt/esoft_slk_ssa_2008_320_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56459 Net-SNMP snmpd agent/snmp_agent.c Crafted GETBULK Request Remote DoS

49524 Net-SNMP getbulk Code Response / Repeat Saturation Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-02-05 IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware
Severity : Category I - VMSKEY : V0018295

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1124.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090625_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081103_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote network device is affected by multiple remote vulnerabilities.
File : airport_firmware_7_5_2.nasl - Type : ACT_GATHER_INFO
2010-02-17 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12298.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libsnmp15-081121.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1124.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1124.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-225.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10451.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO
2009-01-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_net-snmp-5807.nasl - Type : ACT_GATHER_INFO
2009-01-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-15.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote openSUSE host is missing a security update.
File : suse_libsnmp15-5808.nasl - Type : ACT_GATHER_INFO
2008-11-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-320-02.nasl - Type : ACT_GATHER_INFO
2008-11-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_daf045d7b21111dda987000c29ca8953.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO
2008-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote host is missing Sun Security Patch number 120273-42
File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO
2007-05-20 Name : The remote host is missing Sun Security Patch number 120272-40
File : solaris10_120272.nasl - Type : ACT_GATHER_INFO