Vulnerability-Lookup

CVE-2008-4309 (GCVE-0-2008-4309)

Vulnerability from cvelistv5 – Published: 2008-10-31 20:00 – Updated: 2024-08-07 10:08

Summary

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

43 references

URL	Tags
http://secunia.com/advisories/33631	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32664	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32560	third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT3549	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0301	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/33746	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/35074	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35679	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/33003	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/32539	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32711	third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1663	vendor-advisoryx_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://net-snmp.svn.sourceforge.net/viewvc/net-sn…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2008/10/31/1	mailing-listx_refsource_MLIST
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	third-party-advisoryx_refsource_CERT
http://sourceforge.net/forum/forum.php?forum_id=882903	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/33095	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1297	vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1021129	vdb-entryx_refsource_SECTRACK
http://support.apple.com/kb/HT4298	x_refsource_CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315	x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2973	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/32020	vdb-entryx_refsource_BID
http://secunia.com/advisories/33821	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1771	vdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200901-15.xml	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/archive/1/498280/100…	mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=125017764422557&w=2	vendor-advisoryx_refsource_HP
http://www.ubuntu.com/usn/usn-685-1	vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=125017764422557&w=2	vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2008/3400	vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Date Public

2008-10-31 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:08:35.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33631"
          },
          {
            "name": "32664",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32664"
          },
          {
            "name": "32560",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32560"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "SUSE-SR:2009:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html"
          },
          {
            "name": "ADV-2009-0301",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0301"
          },
          {
            "name": "33746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33746"
          },
          {
            "name": "RHSA-2008:0971",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0971.html"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "35679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35679"
          },
          {
            "name": "oval:org.mitre.oval:def:9860",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "33003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33003"
          },
          {
            "name": "262908",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1"
          },
          {
            "name": "32539",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32539"
          },
          {
            "name": "32711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32711"
          },
          {
            "name": "DSA-1663",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1663"
          },
          {
            "name": "oval:org.mitre.oval:def:6353",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353"
          },
          {
            "name": "netsnmp-netsnmpcreatesubtreecache-dos(46262)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46262"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272"
          },
          {
            "name": "[oss-security] 20081031 New net-snmp DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/31/1"
          },
          {
            "name": "APPLE-SA-2010-12-16-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=882903"
          },
          {
            "name": "oval:org.mitre.oval:def:6171",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171"
          },
          {
            "name": "33095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33095"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "1021129",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021129"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm"
          },
          {
            "name": "ADV-2008-2973",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2973"
          },
          {
            "name": "32020",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32020"
          },
          {
            "name": "33821",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33821"
          },
          {
            "name": "ADV-2009-1771",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1771"
          },
          {
            "name": "GLSA-200901-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200901-15.xml"
          },
          {
            "name": "20081112 rPSA-2008-0315-1 net-snmp net-snmp-client net-snmp-server net-snmp-utils",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498280/100/0/threaded"
          },
          {
            "name": "HPSBMA02447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "name": "USN-685-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-685-1"
          },
          {
            "name": "SSRT090062",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
          },
          {
            "name": "ADV-2008-3400",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3400"
          },
          {
            "name": "MDVSA-2008:225",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:225"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "33631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33631"
        },
        {
          "name": "32664",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32664"
        },
        {
          "name": "32560",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32560"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "name": "SUSE-SR:2009:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html"
        },
        {
          "name": "ADV-2009-0301",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0301"
        },
        {
          "name": "33746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33746"
        },
        {
          "name": "RHSA-2008:0971",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0971.html"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "name": "35679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35679"
        },
        {
          "name": "oval:org.mitre.oval:def:9860",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "33003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33003"
        },
        {
          "name": "262908",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1"
        },
        {
          "name": "32539",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32539"
        },
        {
          "name": "32711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32711"
        },
        {
          "name": "DSA-1663",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1663"
        },
        {
          "name": "oval:org.mitre.oval:def:6353",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353"
        },
        {
          "name": "netsnmp-netsnmpcreatesubtreecache-dos(46262)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46262"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272"
        },
        {
          "name": "[oss-security] 20081031 New net-snmp DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/31/1"
        },
        {
          "name": "APPLE-SA-2010-12-16-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/forum.php?forum_id=882903"
        },
        {
          "name": "oval:org.mitre.oval:def:6171",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171"
        },
        {
          "name": "33095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33095"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "1021129",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021129"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm"
        },
        {
          "name": "ADV-2008-2973",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2973"
        },
        {
          "name": "32020",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32020"
        },
        {
          "name": "33821",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33821"
        },
        {
          "name": "ADV-2009-1771",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1771"
        },
        {
          "name": "GLSA-200901-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200901-15.xml"
        },
        {
          "name": "20081112 rPSA-2008-0315-1 net-snmp net-snmp-client net-snmp-server net-snmp-utils",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498280/100/0/threaded"
        },
        {
          "name": "HPSBMA02447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "name": "USN-685-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-685-1"
        },
        {
          "name": "SSRT090062",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
        },
        {
          "name": "ADV-2008-3400",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3400"
        },
        {
          "name": "MDVSA-2008:225",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:225"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-4309",
    "datePublished": "2008-10-31T20:00:00.000Z",
    "dateReserved": "2008-09-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:08:35.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-4309",
      "date": "2026-05-27",
      "epss": "0.11144",
      "percentile": "0.93583"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F129CD3-B1ED-4FF4-8A86-2F76898E8915\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53505415-38BE-4EDC-824E-B64B5BF5B0D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"950BC4AA-60A3-4512-A452-F205FF843C29\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats.\"}, {\"lang\": \"es\", \"value\": \"El c\\u00f3digo getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos   provocar una denegaci\\u00f3n de servicio (ca\\u00edda) mediante vectores relacionados con el n\\u00famero de respuestas o repeticiones.\"}]",
      "id": "CVE-2008-4309",
      "lastModified": "2024-11-21T00:51:21.590",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-10-31T20:29:09.497",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/32539\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/32560\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/32664\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/32711\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/33003\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/33095\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/33631\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/33746\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/33821\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/35679\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200901-15.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sourceforge.net/forum/forum.php?forum_id=882903\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT4298\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1663\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/31/1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0971.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/498280/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/32020\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1021129\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-685-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2009-0001.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2973\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3400\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0301\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1771\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/32539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32560\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33631\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33746\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33821\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200901-15.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/forum/forum.php?forum_id=882903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4298\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1663\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/10/31/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0971.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/498280/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-685-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2009-0001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2973\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4309\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-10-31T20:29:09.497\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos   provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores relacionados con el n\u00famero de respuestas o repeticiones.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F129CD3-B1ED-4FF4-8A86-2F76898E8915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53505415-38BE-4EDC-824E-B64B5BF5B0D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950BC4AA-60A3-4512-A452-F205FF843C29\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32539\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32560\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32664\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32711\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33003\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33631\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33746\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33821\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35679\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200901-15.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/forum/forum.php?forum_id=882903\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT4298\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1663\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/31/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0971.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/498280/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/32020\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1021129\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-685-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2973\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3400\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0301\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1771\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200901-15.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/forum/forum.php?forum_id=882903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/10/31/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/498280/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-685-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2973\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-540

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans net-snmp permet à une personne malintentionnée d'effectuer un déni de service à distance.

Description

Une vulnérabilité de type débordement d'entier a été identifiée dans la fonction netsnmp_create_subtree_cache() du fichier agent/snmpi_agent.c de net-snmp. Son exploitation permet à une personne malintentionnée d'effectuer un déni de service en envoyant une requête GETBULK spécialement conçue à un agent vulnérable.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	net-snmp 5.3.x versions antérieures à 5.3.2.3 ;
N/A	N/A	net-snmp 5.4.x versions antérieures à 5.4.2.1.
N/A	N/A	Net-snmp 5.2.x versions antérieures à 5.2.5.1 ;

References

Title

Publication Time

Tags

Rapport de bogue 2205039 de net-snmp	None	vendor-advisory
Bulletin de sécurité Debian DSA-1663 du 09 novembre 2008 :	-	other
Bulletin de sécurité RHSA-2008-0971 du 03 novembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "net-snmp 5.3.x versions ant\u00e9rieures \u00e0 5.3.2.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "net-snmp 5.4.x versions ant\u00e9rieures \u00e0 5.4.2.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Net-snmp 5.2.x versions ant\u00e9rieures \u00e0 5.2.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement d\u0027entier a \u00e9t\u00e9 identifi\u00e9e dans la\nfonction netsnmp_create_subtree_cache() du fichier agent/snmpi_agent.c\nde net-snmp. Son exploitation permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service en envoyant une requ\u00eate GETBULK\nsp\u00e9cialement con\u00e7ue \u00e0 un agent vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1663 du 09 novembre 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1663"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2008-0971 du 03 novembre 2008 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2008-0971.html"
    }
  ],
  "reference": "CERTA-2008-AVI-540",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2008-11-05T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Debian DSA-1663 du 09 novembre 2008.",
      "revision_date": "2008-11-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans net-snmp permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans net-snmp",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bogue 2205039 de net-snmp",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2205039\u0026group_id=12694\u0026atid=112694"
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2010-AVI-620

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant le microgiciel des appareils Time Capsule et AirPort Extreme Base Station permettent à un attaquant de contourner la politique de sécurité ou d'effectuer un déni de service à distance.

Description

Cinq vulnérabilités spécifiées par les références CVE suivantes ont été corrigées:

un débordement d'entier dans la gestion du protocole SNMP permet à un attaquant de provoquer l'arrêt inopiné du service SNMP (CVE-2008-4390) ;
un utilisateur malveillant du réseau peut effectuer un déni de service (redémarrage de la borne) en envoyant un grand nombre de paquets IPv6, ce qui consomme les ressources de l'appareil. (CVE-2009-2189) ;
un attaquant peut contourner les règles de pare-feu et contacter un serveur FTP situé derrière le NAT (CVE-2010-0039) ;
une erreur dans la gestion des paquets ISAKMP fragmentés par le démon racoon permet à un attaquant d'arrêter ce démon de manière inopinée (CVE-2010-1574) ;
les appareils configurés pour fonctionner en mode pont (bridge), ou configurés en mode NAT avec un hôte par défaut subissent un déni de service lorsque des réponses DHCP spécialement conçues leur sont envoyés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Time Capsule, versions du microgiciel inférieures à 7.5.2 ;
	N/A	N/A	AirPort Extreme Base Station, versions du microgiciel inférieures à 7.5.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2010-12-16-1 du 16 décembre 2010 :

other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Time Capsule, versions du microgiciel inf\u00e9rieures \u00e0 7.5.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AirPort Extreme Base Station, versions du microgiciel inf\u00e9rieures \u00e0 7.5.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s sp\u00e9cifi\u00e9es par les r\u00e9f\u00e9rences CVE suivantes ont \u00e9t\u00e9\ncorrig\u00e9es:\n\n-   un d\u00e9bordement d\u0027entier dans la gestion du protocole SNMP permet \u00e0\n    un attaquant de provoquer l\u0027arr\u00eat inopin\u00e9 du service SNMP\n    (CVE-2008-4390) ;\n-   un utilisateur malveillant du r\u00e9seau peut effectuer un d\u00e9ni de\n    service (red\u00e9marrage de la borne) en envoyant un grand nombre de\n    paquets IPv6, ce qui consomme les ressources de l\u0027appareil.\n    (CVE-2009-2189) ;\n-   un attaquant peut contourner les r\u00e8gles de pare-feu et contacter un\n    serveur FTP situ\u00e9 derri\u00e8re le NAT (CVE-2010-0039) ;\n-   une erreur dans la gestion des paquets ISAKMP fragment\u00e9s par le\n    d\u00e9mon racoon permet \u00e0 un attaquant d\u0027arr\u00eater ce d\u00e9mon de mani\u00e8re\n    inopin\u00e9e (CVE-2010-1574) ;\n-   les appareils configur\u00e9s pour fonctionner en mode pont (bridge), ou\n    configur\u00e9s en mode NAT avec un h\u00f4te par d\u00e9faut subissent un d\u00e9ni de\n    service lorsque des r\u00e9ponses DHCP sp\u00e9cialement con\u00e7ues leur sont\n    envoy\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2189"
    },
    {
      "name": "CVE-2008-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4390"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2010-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1804"
    },
    {
      "name": "CVE-2010-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1574"
    },
    {
      "name": "CVE-2010-0039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0039"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2010-12-16-1 du 16    d\u00e9cembre 2010 :",
      "url": "http://lists.apple.com/archives/security-announce/2010/Dec/msg00001.html"
    }
  ],
  "reference": "CERTA-2010-AVI-620",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant le microgiciel des appareils \u003cspan\nclass=\"textit\"\u003eTime Capsule\u003c/span\u003e et \u003cspan class=\"textit\"\u003eAirPort\nExtreme Base Station\u003c/span\u003e permettent \u00e0 un attaquant de contourner la\npolitique de s\u00e9curit\u00e9 ou d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans AirPort Extreme Base Station et Time Capsule",
  "vendor_advisories": []
}

CERTFR-2020-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à R1912
Juniper Networks	N/A	Juniper Networks SBR Carrier versions antérieures à 8.4.1R19
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.4R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10992 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10986 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10985 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10980 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10981 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10983 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10979 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10987 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10982 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10990 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10991 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10993 du 08 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2020-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
    },
    {
      "name": "CVE-2018-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-11810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
    },
    {
      "name": "CVE-2020-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
    },
    {
      "name": "CVE-2020-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2017-17805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2020-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
    },
    {
      "name": "CVE-2017-2595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
    },
    {
      "name": "CVE-2016-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2017-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2020-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2019-14835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2020-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2020-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2020-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
    },
    {
      "name": "CVE-2020-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
    },
    {
      "name": "CVE-2020-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2008-AVI-540

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans net-snmp permet à une personne malintentionnée d'effectuer un déni de service à distance.

Description

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	net-snmp 5.3.x versions antérieures à 5.3.2.3 ;
N/A	N/A	net-snmp 5.4.x versions antérieures à 5.4.2.1.
N/A	N/A	Net-snmp 5.2.x versions antérieures à 5.2.5.1 ;

References

Title

Publication Time

Tags

Rapport de bogue 2205039 de net-snmp	None	vendor-advisory
Bulletin de sécurité Debian DSA-1663 du 09 novembre 2008 :	-	other
Bulletin de sécurité RHSA-2008-0971 du 03 novembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "net-snmp 5.3.x versions ant\u00e9rieures \u00e0 5.3.2.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "net-snmp 5.4.x versions ant\u00e9rieures \u00e0 5.4.2.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Net-snmp 5.2.x versions ant\u00e9rieures \u00e0 5.2.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement d\u0027entier a \u00e9t\u00e9 identifi\u00e9e dans la\nfonction netsnmp_create_subtree_cache() du fichier agent/snmpi_agent.c\nde net-snmp. Son exploitation permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service en envoyant une requ\u00eate GETBULK\nsp\u00e9cialement con\u00e7ue \u00e0 un agent vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1663 du 09 novembre 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1663"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2008-0971 du 03 novembre 2008 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2008-0971.html"
    }
  ],
  "reference": "CERTA-2008-AVI-540",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2008-11-05T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Debian DSA-1663 du 09 novembre 2008.",
      "revision_date": "2008-11-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans net-snmp permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans net-snmp",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bogue 2205039 de net-snmp",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=2205039\u0026group_id=12694\u0026atid=112694"
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Description

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2010-AVI-620

Vulnerability from certfr_avis - Published: - Updated:

Description

Cinq vulnérabilités spécifiées par les références CVE suivantes ont été corrigées:

un débordement d'entier dans la gestion du protocole SNMP permet à un attaquant de provoquer l'arrêt inopiné du service SNMP (CVE-2008-4390) ;
un utilisateur malveillant du réseau peut effectuer un déni de service (redémarrage de la borne) en envoyant un grand nombre de paquets IPv6, ce qui consomme les ressources de l'appareil. (CVE-2009-2189) ;
un attaquant peut contourner les règles de pare-feu et contacter un serveur FTP situé derrière le NAT (CVE-2010-0039) ;
une erreur dans la gestion des paquets ISAKMP fragmentés par le démon racoon permet à un attaquant d'arrêter ce démon de manière inopinée (CVE-2010-1574) ;
les appareils configurés pour fonctionner en mode pont (bridge), ou configurés en mode NAT avec un hôte par défaut subissent un déni de service lorsque des réponses DHCP spécialement conçues leur sont envoyés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Time Capsule, versions du microgiciel inférieures à 7.5.2 ;
	N/A	N/A	AirPort Extreme Base Station, versions du microgiciel inférieures à 7.5.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2010-12-16-1 du 16 décembre 2010 :

other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Time Capsule, versions du microgiciel inf\u00e9rieures \u00e0 7.5.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "AirPort Extreme Base Station, versions du microgiciel inf\u00e9rieures \u00e0 7.5.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s sp\u00e9cifi\u00e9es par les r\u00e9f\u00e9rences CVE suivantes ont \u00e9t\u00e9\ncorrig\u00e9es:\n\n-   un d\u00e9bordement d\u0027entier dans la gestion du protocole SNMP permet \u00e0\n    un attaquant de provoquer l\u0027arr\u00eat inopin\u00e9 du service SNMP\n    (CVE-2008-4390) ;\n-   un utilisateur malveillant du r\u00e9seau peut effectuer un d\u00e9ni de\n    service (red\u00e9marrage de la borne) en envoyant un grand nombre de\n    paquets IPv6, ce qui consomme les ressources de l\u0027appareil.\n    (CVE-2009-2189) ;\n-   un attaquant peut contourner les r\u00e8gles de pare-feu et contacter un\n    serveur FTP situ\u00e9 derri\u00e8re le NAT (CVE-2010-0039) ;\n-   une erreur dans la gestion des paquets ISAKMP fragment\u00e9s par le\n    d\u00e9mon racoon permet \u00e0 un attaquant d\u0027arr\u00eater ce d\u00e9mon de mani\u00e8re\n    inopin\u00e9e (CVE-2010-1574) ;\n-   les appareils configur\u00e9s pour fonctionner en mode pont (bridge), ou\n    configur\u00e9s en mode NAT avec un h\u00f4te par d\u00e9faut subissent un d\u00e9ni de\n    service lorsque des r\u00e9ponses DHCP sp\u00e9cialement con\u00e7ues leur sont\n    envoy\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2189"
    },
    {
      "name": "CVE-2008-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4390"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2010-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1804"
    },
    {
      "name": "CVE-2010-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1574"
    },
    {
      "name": "CVE-2010-0039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0039"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2010-12-16-1 du 16    d\u00e9cembre 2010 :",
      "url": "http://lists.apple.com/archives/security-announce/2010/Dec/msg00001.html"
    }
  ],
  "reference": "CERTA-2010-AVI-620",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant le microgiciel des appareils \u003cspan\nclass=\"textit\"\u003eTime Capsule\u003c/span\u003e et \u003cspan class=\"textit\"\u003eAirPort\nExtreme Base Station\u003c/span\u003e permettent \u00e0 un attaquant de contourner la\npolitique de s\u00e9curit\u00e9 ou d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans AirPort Extreme Base Station et Time Capsule",
  "vendor_advisories": []
}

CERTFR-2020-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à R1912
Juniper Networks	N/A	Juniper Networks SBR Carrier versions antérieures à 8.4.1R19
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.4R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10992 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10986 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10985 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10980 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10981 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10983 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10979 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10987 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10982 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10990 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10991 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10993 du 08 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2020-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
    },
    {
      "name": "CVE-2018-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-11810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
    },
    {
      "name": "CVE-2020-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
    },
    {
      "name": "CVE-2020-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2017-17805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2020-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
    },
    {
      "name": "CVE-2017-2595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
    },
    {
      "name": "CVE-2016-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2017-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2020-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2019-14835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2020-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2020-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2020-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
    },
    {
      "name": "CVE-2020-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
    },
    {
      "name": "CVE-2020-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2008-4309

Vulnerability from fkie_nvd - Published: 2008-10-31 20:29 - Updated: 2026-04-23 00:35

Severity

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=125017764422557&w=2
secalert@redhat.com	http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32539
secalert@redhat.com	http://secunia.com/advisories/32560
secalert@redhat.com	http://secunia.com/advisories/32664
secalert@redhat.com	http://secunia.com/advisories/32711
secalert@redhat.com	http://secunia.com/advisories/33003
secalert@redhat.com	http://secunia.com/advisories/33095
secalert@redhat.com	http://secunia.com/advisories/33631
secalert@redhat.com	http://secunia.com/advisories/33746
secalert@redhat.com	http://secunia.com/advisories/33821
secalert@redhat.com	http://secunia.com/advisories/35074
secalert@redhat.com	http://secunia.com/advisories/35679
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200901-15.xml
secalert@redhat.com	http://sourceforge.net/forum/forum.php?forum_id=882903
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1
secalert@redhat.com	http://support.apple.com/kb/HT3549
secalert@redhat.com	http://support.apple.com/kb/HT4298
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1663
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:225
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/10/31/1
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0971.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/498280/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/32020
secalert@redhat.com	http://www.securitytracker.com/id?1021129
secalert@redhat.com	http://www.ubuntu.com/usn/usn-685-1
secalert@redhat.com	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0001.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2973
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/3400
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0301
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1297
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1771
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/46262
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=125017764422557&w=2
af854a3a-2127-422b-91ae-364da2661108	http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32539
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32560
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32664
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32711
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33003
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33095
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33631
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33821
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35679
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200901-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/forum/forum.php?forum_id=882903
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4298
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1663
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:225
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/31/1
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0971.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/498280/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32020
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021129
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-685-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2973
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3400
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0301
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1771
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46262
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860

Impacted products

Vendor	Product	Version
net-snmp	net-snmp	5.2.5
net-snmp	net-snmp	5.3.2.2
net-snmp	net-snmp	5.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F129CD3-B1ED-4FF4-8A86-2F76898E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53505415-38BE-4EDC-824E-B64B5BF5B0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "950BC4AA-60A3-4512-A452-F205FF843C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos   provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores relacionados con el n\u00famero de respuestas o repeticiones."
    }
  ],
  "id": "CVE-2008-4309",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-31T20:29:09.497",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32539"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32560"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33003"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33095"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33631"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33746"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33821"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35679"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200901-15.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/forum/forum.php?forum_id=882903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4298"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1663"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:225"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/31/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0971.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/498280/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/32020"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-685-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2973"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/3400"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/0301"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1771"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46262"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200901-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/forum/forum.php?forum_id=882903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/31/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/498280/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-685-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C4MX-98GV-GXM8

Vulnerability from github – Published: 2022-05-02 00:08 – Updated: 2022-05-02 00:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-31T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats.",
  "id": "GHSA-c4mx-98gv-gxm8",
  "modified": "2022-05-02T00:08:51Z",
  "published": "2022-05-02T00:08:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2008:0971"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2008-4309"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469349"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46262"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271\u0026r2=17272\u0026pathrev=17272"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32539"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32560"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32664"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32711"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33095"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33631"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33821"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35679"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200901-15.xml"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/forum/forum.php?forum_id=882903"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4298"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1663"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:225"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/31/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0971.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/498280/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32020"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021129"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-685-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2973"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3400"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0301"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1771"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4309 (GCVE-0-2008-4309)

Description

Solution

Description

Solution

Description

Solution

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Tags

Sightings

Nomenclature