Apple Security Advisory 2010-12-16-1 - Multiple vulnerabilities have been addressed in Time Capsule and the Airport Base Station.
VMware Security Advisory - This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.
HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.
VMware Security Advisory - Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.
Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than 5.4.2.1 are affected.
Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.
Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
Mandriva Linux Security Advisory - A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash.