oss-sec mailing list archives
Re: CVE-2008-2292 net-snmp __snprint_value
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sat, 24 May 2008 13:34:09 +0200
Hi, * Nico Golde <oss-security+ml () ngolde de> [2008-05-24 12:18]:
the CVE id states that PERL/SNMP.xs is vulnerable to a buffer overflow "via a large OCTETSTRING in an attribute value pair (AVP)." Unfortunately the same vulnerability applies to the python module as well. See python/netsnmp/client_intf.c Please update your patches and the CVE id.
http://people.debian.org/~nion/nmu-diff/net-snmp-5.4.1~dfsg-1_5.4.1~dfsg-7.1.patch my patch. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE-2008-2292 net-snmp __snprint_value Nico Golde (May 24)
- Re: CVE-2008-2292 net-snmp __snprint_value Nico Golde (May 24)