[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2008-2292 net-snmp __snprint_value
From: Nico Golde <oss-security+ml () ngolde ! de>
Date: 2008-05-24 11:34:09
Message-ID: 20080524113409.GB20762 () ngolde ! de
[Download RAW message or body]
Hi,
* Nico Golde <oss-security+ml@ngolde.de> [2008-05-24 12:18]:
> the CVE id states that PERL/SNMP.xs is vulnerable to
> a buffer overflow "via a large OCTETSTRING in an attribute
> value pair (AVP)."
>
> Unfortunately the same vulnerability applies to the python
> module as well. See python/netsnmp/client_intf.c
>
> Please update your patches and the CVE id.
http://people.debian.org/~nion/nmu-diff/net-snmp-5.4.1~dfsg-1_5.4.1~dfsg-7.1.patch
my patch.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic