Ubuntu
net-snmp package

[CVE-2008-2292] Buffer overflow in __snprint_value() in snmp_get

Bug #241892 reported by Till Ulen
254
Affects Status Importance Assigned to Milestone
net-snmp (Ubuntu)
Fix Released
Undecided
Kees Cook

Bug Description

CVE-2008-2292 description:

"Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2292

See original description

CVE References

Till Ulen (tillulen)
description: updated
Revision history for this message
Nicolas Valcarcel (nvalcarcel) wrote :

Attaching debdiff

Revision history for this message
Nicolas Valcarcel (nvalcarcel) wrote :

Updating patch.

Nicolas Valcarcel (nvalcarcel)
Changed in net-snmp:
status: New → Confirmed
Jamie Strandboge (jdstrand)
Changed in net-snmp:
status: Confirmed → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for the patch! Can you please detail the testing you've done (eg build, test suite, PoC, QA regression, and/or testing the patched code path for no regressions)? I am going to mark the bug Incomplete for now, please mark back to 'In Progress' when ready. Thanks again!

Changed in net-snmp:
status: In Progress → Incomplete
Revision history for this message
Kees Cook (kees) wrote :

http://www.ubuntu.com/usn/usn-685-1

Changed in net-snmp:
assignee: nobody → kees
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.