Executive Summary
Summary | |
---|---|
Title | Updated ESX packages for libxml2, ucd-snmp, libtiff |
Information | |||
---|---|---|---|
Name | VMSA-2008-0017 | First vendor Publication | 2008-10-31 |
Vendor | VMware | Last vendor Modification | 2008-10-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. Updated ESX Service Console package libxml2

A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3281 to this issue.

b. Updated ESX Service Console package ucd-snmp

A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0960 to this issue.

c. Updated third party library libtiff

Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2327 to this issue.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2008-0017.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
33 % | CWE-287 | Improper Authentication |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10820 | |||
Oval ID: | oval:org.mitre.oval:def:10820 | ||
Title: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11489 | |||
Oval ID: | oval:org.mitre.oval:def:11489 | ||
Title: | Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. | ||
Description: | Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2327 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17731 | |||
Oval ID: | oval:org.mitre.oval:def:17731 | ||
Title: | USN-644-1 -- libxml2 vulnerabilities | ||
Description: | It was discovered that libxml2 did not correctly handle long entity names. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-644-1 CVE-2008-3529 CVE-2008-3281 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:17756 | |||
Oval ID: | oval:org.mitre.oval:def:17756 | ||
Title: | USN-640-1 -- libxml2 vulnerability | ||
Description: | Andreas Solberg discovered that libxml2 did not handle recursive entities safely. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-640-1 CVE-2008-3281 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:17803 | |||
Oval ID: | oval:org.mitre.oval:def:17803 | ||
Title: | USN-639-1 -- tiff vulnerability | ||
Description: | Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-639-1 CVE-2008-2327 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | tiff |
Definition Id: oval:org.mitre.oval:def:18179 | |||
Oval ID: | oval:org.mitre.oval:def:18179 | ||
Title: | DSA-1632-1 tiff - arbitrary code execution | ||
Description: | Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1632-1 CVE-2008-2327 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tiff |
Definition Id: oval:org.mitre.oval:def:19740 | |||
Oval ID: | oval:org.mitre.oval:def:19740 | ||
Title: | DSA-1631-1 libxml2 - denial of service | ||
Description: | Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU and memory resources were exhausted. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1631-1 CVE-2008-3281 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:21731 | |||
Oval ID: | oval:org.mitre.oval:def:21731 | ||
Title: | ELSA-2008:0836: libxml2 security update (Moderate) | ||
Description: | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0836-04 CVE-2008-3281 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:22388 | |||
Oval ID: | oval:org.mitre.oval:def:22388 | ||
Title: | ELSA-2008:0529: net-snmp security update (Moderate) | ||
Description: | Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0529-01 CVE-2008-2292 CVE-2008-0960 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:22496 | |||
Oval ID: | oval:org.mitre.oval:def:22496 | ||
Title: | ELSA-2008:0847: libtiff security and bug fix update (Important) | ||
Description: | Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0847-01 CVE-2008-2327 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libtiff |
Definition Id: oval:org.mitre.oval:def:28973 | |||
Oval ID: | oval:org.mitre.oval:def:28973 | ||
Title: | RHSA-2008:0847 -- libtiff security and bug fix update (Important) | ||
Description: | Updated libtiff packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. (CVE-2008-2327) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0847 CESA-2008:0847-CentOS 5 CVE-2008-2327 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libtiff |
Definition Id: oval:org.mitre.oval:def:29241 | |||
Oval ID: | oval:org.mitre.oval:def:29241 | ||
Title: | RHSA-2008:0836 -- libxml2 security update (Moderate) | ||
Description: | Updated libxml2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The original fix used in this errata caused some applications using the libxml2 library in an unexpected way to crash when used with updated libxml2 packages. We have updated the packages for Red Hat Enterprise Linux 3, 4 and 5 to use a different fix that does not break affected applications. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0836 CESA-2008:0836-CentOS 3 CESA-2008:0836-CentOS 2 CESA-2008:0836-CentOS 5 CVE-2008-3281 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 2 CentOS Linux 5 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:5514 | |||
Oval ID: | oval:org.mitre.oval:def:5514 | ||
Title: | LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code | ||
Description: | Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2327 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5785 | |||
Oval ID: | oval:org.mitre.oval:def:5785 | ||
Title: | Multiple Vendors Net-SNMPv3 Hash Message Authentication Code Design Error Vulnerability | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6414 | |||
Oval ID: | oval:org.mitre.oval:def:6414 | ||
Title: | Net-snmp SNMPv3 Authentication Bug Lets Remote Users Bypass Authentication | ||
Description: | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0960 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6496 | |||
Oval ID: | oval:org.mitre.oval:def:6496 | ||
Title: | Libxml2 Recursive Entity Evaluation Bug Lets Remote Users Deny Service | ||
Description: | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3281 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7619 | |||
Oval ID: | oval:org.mitre.oval:def:7619 | ||
Title: | DSA-1632 tiff -- buffer underflow | ||
Description: | Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1632 CVE-2008-2327 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tiff |
Definition Id: oval:org.mitre.oval:def:7968 | |||
Oval ID: | oval:org.mitre.oval:def:7968 | ||
Title: | DSA-1631 libxml2 -- denial of service | ||
Description: | Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU and memory resources were exhausted. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1631 CVE-2008-3281 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Id: oval:org.mitre.oval:def:9812 | |||
Oval ID: | oval:org.mitre.oval:def:9812 | ||
Title: | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||
Description: | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3281 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-06-12 | SNMPv3 HMAC validation error Remote Authentication Bypass Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:169-1 (libtiff) File : nvt/mdksa_2009_169_1.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Gnome libtiff - library for reading and writing TIFF 11990... File : nvt/gb_solaris_119901_08.nasl |
2009-10-13 | Name : Solaris Update for GNOME 2.6.0 119900-09 File : nvt/gb_solaris_119900_09.nasl |
2009-10-13 | Name : SLES10: Security update for libtiff File : nvt/sles10_libtiff0.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml2.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp1.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5035440.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5031860.nasl |
2009-10-10 | Name : SLES9: Security update for libtiff File : nvt/sles9p5034140.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:169 (libtiff) File : nvt/mdksa_2009_169.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:150 (libtiff) File : nvt/mdksa_2009_150.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-06 | Name : Fedora Core 9 FEDORA-2009-7335 (libtiff) File : nvt/fcore_2009_7335.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:180 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_180.nasl |
2009-04-09 | Name : Mandriva Update for net-snmp MDVSA-2008:118 (net-snmp) File : nvt/gb_mandriva_MDVSA_2008_118.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:180-1 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_180_1.nasl |
2009-04-09 | Name : Mandriva Update for libtiff MDVSA-2008:184 (libtiff) File : nvt/gb_mandriva_MDVSA_2008_184.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:192 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_192.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerability USN-640-1 File : nvt/gb_ubuntu_USN_640_1.nasl |
2009-03-23 | Name : Ubuntu Update for tiff vulnerability USN-639-1 File : nvt/gb_ubuntu_USN_639_1.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerabilities USN-644-1 File : nvt/gb_ubuntu_USN_644_1.nasl |
2009-03-23 | Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1 File : nvt/gb_ubuntu_USN_685_1.nasl |
2009-03-06 | Name : RedHat Update for libtiff RHSA-2008:0863-01 File : nvt/gb_RHSA-2008_0863-01_libtiff.nasl |
2009-03-06 | Name : RedHat Update for libtiff RHSA-2008:0848-01 File : nvt/gb_RHSA-2008_0848-01_libtiff.nasl |
2009-03-06 | Name : RedHat Update for libtiff RHSA-2008:0847-01 File : nvt/gb_RHSA-2008_0847-01_libtiff.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0836-02 File : nvt/gb_RHSA-2008_0836-02_libxml2.nasl |
2009-03-06 | Name : RedHat Update for net-snmp RHSA-2008:0529-01 File : nvt/gb_RHSA-2008_0529-01_net-snmp.nasl |
2009-03-06 | Name : RedHat Update for ucd-snmp RHSA-2008:0528-01 File : nvt/gb_RHSA-2008_0528-01_ucd-snmp.nasl |
2009-02-27 | Name : CentOS Update for libtiff CESA-2008:0863 centos3 x86_64 File : nvt/gb_CESA-2008_0863_libtiff_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for ucd-snmp CESA-2008:0528-01 centos2 i386 File : nvt/gb_CESA-2008_0528-01_ucd-snmp_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos3 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 i386 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0529 centos4 x86_64 File : nvt/gb_CESA-2008_0529_net-snmp_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0836-02 centos2 i386 File : nvt/gb_CESA-2008_0836-02_libxml2_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0836 centos3 i386 File : nvt/gb_CESA-2008_0836_libxml2_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0836 centos3 x86_64 File : nvt/gb_CESA-2008_0836_libxml2_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libtiff CESA-2008:0863-01 centos2 i386 File : nvt/gb_CESA-2008_0863-01_libtiff_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for libtiff CESA-2008:0863 centos3 i386 File : nvt/gb_CESA-2008_0863_libtiff_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9367 File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5215 File : nvt/gb_fedora_2008_5215_net-snmp_fc9.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5218 File : nvt/gb_fedora_2008_5218_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-5224 File : nvt/gb_fedora_2008_5224_net-snmp_fc7.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9362 File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-7724 File : nvt/gb_fedora_2008_7724_libxml2_fc8.nasl |
2009-02-17 | Name : Fedora Update for libxml2 FEDORA-2008-7395 File : nvt/gb_fedora_2008_7395_libxml2_fc9.nasl |
2009-02-17 | Name : Fedora Update for libtiff FEDORA-2008-7388 File : nvt/gb_fedora_2008_7388_libtiff_fc8.nasl |
2009-02-17 | Name : Fedora Update for libtiff FEDORA-2008-7370 File : nvt/gb_fedora_2008_7370_libtiff_fc9.nasl |
2009-01-23 | Name : SuSE Update for net-snmp SUSE-SA:2008:039 File : nvt/gb_suse_2008_039.nasl |
2008-12-03 | Name : Gentoo Security Advisory GLSA 200812-06 (libxml2) File : nvt/glsa_200812_06.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1663-1 (net-snmp) File : nvt/deb_1663_1.nasl |
2008-11-01 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-02 (net-snmp) File : nvt/glsa_200808_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200809-07 (tiff) File : nvt/glsa_200809_07.nasl |
2008-09-17 | Name : Debian Security Advisory DSA 1632-1 (tiff) File : nvt/deb_1632_1.nasl |
2008-09-04 | Name : Debian Security Advisory DSA 1631-1 (libxml2) File : nvt/deb_1631_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-07 net-snmp File : nvt/esoft_slk_ssa_2008_210_07.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55248 | HP OpenView SNMP Emanate Master Agent HMAC Authentication SNMPv3 Authenticati... |
47795 | LibTIFF LZW Decoder libtiff/tif_lzw.c Multiple Function TIFF Decoder Underflow |
47636 | libxml2 Crafted XML File Handling Recursion Limit DoS |
46669 | Apple Mac OS X HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46276 | Solaris snmpd(1M) HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46102 | Ingate Firewall/SIParator HMAC Authentication SNMPv3 Authentication Packet Sp... |
46088 | Juniper Multiple Appliances HMAC Authentication SNMPv3 Authentication Packet ... |
46086 | Cisco Multiple Products HMAC Authentication SNMPv3 Authentication Packet Spoo... |
46060 | UCD-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
46059 | Net-SNMP HMAC Authentication SNMPv3 Authentication Packet Spoofing |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-11-06 | IAVM : 2008-B-0078 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0017874 |
2008-06-19 | IAVM : 2008-T-0026 - SNMP Remote Authentication Bypass Vulnerability Severity : Category I - VMSKEY : V0016046 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Vendors SNMPv3 HMAC handling authentication bypass attempt RuleID : 17699 - Revision : 3 - Type : PROTOCOL-SNMP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0027.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8939.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-iosxr.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0863.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0848.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0847.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0836.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0848.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3-nxos.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080821_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080610_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080828_libtiff_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080610-snmpv3http.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39887.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39886.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0847.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-169.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12237.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12204.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12229.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The SNMP server running on this host is affected by an authentication bypass ... File : snmpv3_authentication_bypass.nasl - Type : ACT_ATTACK |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff-080820.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-080706.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-080905.nasl - Type : ACT_GATHER_INFO |
2009-07-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-150.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-644-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-192.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-184.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-180.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-118.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-06.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d71da2369a9411dd8f42001c2514716c.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5583.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-5586.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7370.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7388.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7395.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7724.nasl - Type : ACT_GATHER_INFO |
2008-09-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-07.nasl - Type : ACT_GATHER_INFO |
2008-09-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-640-1.nasl - Type : ACT_GATHER_INFO |
2008-09-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-639-1.nasl - Type : ACT_GATHER_INFO |
2008-09-03 | Name : The remote openSUSE host is missing a security update. File : suse_libtiff-5540.nasl - Type : ACT_GATHER_INFO |
2008-09-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-5538.nasl - Type : ACT_GATHER_INFO |
2008-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0848.nasl - Type : ACT_GATHER_INFO |
2008-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0847.nasl - Type : ACT_GATHER_INFO |
2008-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0863.nasl - Type : ACT_GATHER_INFO |
2008-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0863.nasl - Type : ACT_GATHER_INFO |
2008-08-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0836.nasl - Type : ACT_GATHER_INFO |
2008-08-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1632.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1631.nasl - Type : ACT_GATHER_INFO |
2008-08-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0836.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-02.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-5418.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-5422.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-07.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0529.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0528.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5224.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5218.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5215.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 120273-42 File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 120272-40 File : solaris10_120272.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:07:10 | |