Launchpad.net

CVE 2008-2292

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Related bugs and status

CVE-2008-2292 (Candidate) is related to these bugs:

Bug #241892: [CVE-2008-2292] Buffer overflow in __snprint_value() in snmp_get

Summary				In	Importance	Status
	241892	[CVE-2008-2292] Buffer overflow in __snprint_value() in snmp_get		net-snmp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 29212
SECUNIA: 30187
FEDORA: FEDORA-2008-5215
FEDORA: FEDORA-2008-5218
FEDORA: FEDORA-2008-5224
SECUNIA: 30647
MANDRIVA: MDVSA-2008:118
SUNALERT: 239785
SECUNIA: 31155
CONFIRM: http://www.vmware.com/...
GENTOO: GLSA-200808-02
SUSE: SUSE-SA:2008:039
SECUNIA: 31334
SECUNIA: 31351
SECUNIA: 31467
CONFIRM: http://support.avaya.c...
SECUNIA: 31568
DEBIAN: DSA-1663
REDHAT: RHSA-2008:0529
SECUNIA: 30615
SECUNIA: 32664
UBUNTU: USN-685-1
SECUNIA: 33003
VUPEN: ADV-2008-1528
VUPEN: ADV-2008-2141
VUPEN: ADV-2008-2361
SECTRACK: 1020527
CONFIRM: http://sourceforge.net...
XF: netsnmp-snprintvalue-b...
OVAL: oval:org.mitre.oval:de...