CVE-2008-2292

Publication date 18 May 2008

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

Read the notes from the security team

Status

Package Ubuntu Release Status
net-snmp 8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 5.4.1~dfsg-4ubuntu4.2
7.10 gutsy
Fixed 5.3.1-6ubuntu2.2
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper
Fixed 5.2.1.2-4ubuntu2.3

Notes

nxvl

Upstream patch for 5.4 branch: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
net-snmp

References

Related Ubuntu Security Notices (USN)

    • USN-685-1
    • Net-SNMP vulnerabilities
    • 3 December 2008

Other references