Debian Security Advisory

DSA-1663-1 net-snmp -- several vulnerabilities

Date Reported:
09 Nov 2008
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 485945, Bug 482333, Bug 504150.
In Mitre's CVE dictionary: CVE-2008-0960, CVE-2008-2292, CVE-2008-4309.
More information:

Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-0960

    Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets.

  • CVE-2008-2292

    John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).

  • CVE-2008-4309

    It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.

For the stable distribution (etch), these problems has been fixed in version 5.2.3-7etch4.

For the testing distribution (lenny) and unstable distribution (sid) these problems have been fixed in version 5.4.1~dfsg-11.

We recommend that you upgrade your net-snmp package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.