News
Vigil@nce: Net-SNMP, buffer overflow via snmp_get
May 2008 by Vigil@nce
A malicious SNMP agent can execute code in the Net-SNMP Perl
module.
Gravity: 2/4
CVSS: 5.8/10
Consequences: user access/rights
Provenance: intranet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/05/2008
Identifier: VIGILANCE-VUL-7828
AFFECTED PRODUCTS
Net-SNMP versions 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6,
5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.10.1, 5.0.10.2, 5.0.11, 5.1,
5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2, 5.2.1, 5.2.1.1, 5.2.1.2, 5.2.2,
5.2.3, 5.2.4, 5.3, 5.3.1, 5.3.2, 5.4, 5.4.1
Similar products or versions inferior to those indicated may also
be affected.
DESCRIPTION
The perl/SNMP sub-directory of Net-SNMP contains a module used by
Perl programs to interface with the Net-SNMP library.
However, this module copies SNMP GET replies in a 2048 or 4096
bytes array, without checking their sizes.
A malicious SNMP agent can therefore return longer data in order
to create an overflow leading to code execution of the computer
where Net-SNMP is installed.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-7828
CVSS score: 5.8/10
Url: https://vigilance.aql.fr/tree/1/7828
