diff options
author | miwi <miwi@FreeBSD.org> | 2008-11-16 01:04:28 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-11-16 01:04:28 +0800 |
commit | 7c37d11c331592fd5e6b125a500cab3927bbdb1a (patch) | |
tree | 1962501970852ffd45f8b82ec1df6e5c3b7f574c /security/vuxml | |
parent | 124ad6c17391c03bd835f0d8683daaaed21f6a25 (diff) | |
download | freebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.tar.gz freebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.tar.zst freebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.zip |
- Fix formating
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 87b3ce6bcdc..3e5f825ae08 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -35,38 +35,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="daf045d7-b211-11dd-a987-000c29ca8953"> - <topic>net-snmp -- Denial of Service for SNMP agent via crafted GETBULK request</topic> - <affects> - <package> - <name>net-snmp</name> - <range><lt>5.4.2.1</lt></range> - </package> - <package> - <name>net-snmp53</name> - <range><lt>5.3.2.3</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Wes Hardaker reports through sourceforge.net forum:</p> - <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=882903"> - <p>SECURITY ISSUE: A bug in the getbulk handling code could - let anyone with even minimal access crash the agent. If you - have open access to your snmp agents (bad bad bad; stop doing - that!) or if you don't trust everyone that does have access to - your agents you should updated immediately to prevent - potential denial of service attacks.</p> - </blockquote> - <p>Description at cve.mitre.org additionally clarifies:</p> - <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309"> - <p>Integer overflow in the netsnmp_create_subtree_cache - function in agent/snmp_agent.c in net-snmp 5.4 before - 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows - remote attackers to cause a denial of service (crash) via - a crafted SNMP GETBULK request, which triggers a heap-based - buffer overflow, related to the number of responses or - repeats.</p> - </blockquote> + <topic>net-snmp -- DoS for SNMP agent via crafted GETBULK request</topic> + <affects> + <package> + <name>net-snmp</name> + <range><lt>5.4.2.1</lt></range> + </package> + <package> + <name>net-snmp53</name> + <range><lt>5.3.2.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Wes Hardaker reports through sourceforge.net forum:</p> + <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=882903"> + <p>SECURITY ISSUE: A bug in the getbulk handling code could + let anyone with even minimal access crash the agent. If you + have open access to your snmp agents (bad bad bad; stop doing + that!) or if you don't trust everyone that does have access to + your agents you should updated immediately to prevent + potential denial of service attacks.</p> + </blockquote> + <p>Description at cve.mitre.org additionally clarifies:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309"> + <p>Integer overflow in the netsnmp_create_subtree_cache + function in agent/snmp_agent.c in net-snmp 5.4 before + 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows + remote attackers to cause a denial of service (crash) via + a crafted SNMP GETBULK request, which triggers a heap-based + buffer overflow, related to the number of responses or + repeats.</p> + </blockquote> </body> </description> <references> |