aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2008-11-16 01:04:28 +0800
committermiwi <miwi@FreeBSD.org>2008-11-16 01:04:28 +0800
commit7c37d11c331592fd5e6b125a500cab3927bbdb1a (patch)
tree1962501970852ffd45f8b82ec1df6e5c3b7f574c /security/vuxml
parent124ad6c17391c03bd835f0d8683daaaed21f6a25 (diff)
downloadfreebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.tar.gz
freebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.tar.zst
freebsd-ports-graphics-7c37d11c331592fd5e6b125a500cab3927bbdb1a.zip
- Fix formating
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml64
1 files changed, 32 insertions, 32 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 87b3ce6bcdc..3e5f825ae08 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -35,38 +35,38 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="daf045d7-b211-11dd-a987-000c29ca8953">
- <topic>net-snmp -- Denial of Service for SNMP agent via crafted GETBULK request</topic>
- <affects>
- <package>
- <name>net-snmp</name>
- <range><lt>5.4.2.1</lt></range>
- </package>
- <package>
- <name>net-snmp53</name>
- <range><lt>5.3.2.3</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Wes Hardaker reports through sourceforge.net forum:</p>
- <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=882903">
- <p>SECURITY ISSUE: A bug in the getbulk handling code could
- let anyone with even minimal access crash the agent. If you
- have open access to your snmp agents (bad bad bad; stop doing
- that!) or if you don't trust everyone that does have access to
- your agents you should updated immediately to prevent
- potential denial of service attacks.</p>
- </blockquote>
- <p>Description at cve.mitre.org additionally clarifies:</p>
- <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309">
- <p>Integer overflow in the netsnmp_create_subtree_cache
- function in agent/snmp_agent.c in net-snmp 5.4 before
- 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows
- remote attackers to cause a denial of service (crash) via
- a crafted SNMP GETBULK request, which triggers a heap-based
- buffer overflow, related to the number of responses or
- repeats.</p>
- </blockquote>
+ <topic>net-snmp -- DoS for SNMP agent via crafted GETBULK request</topic>
+ <affects>
+ <package>
+ <name>net-snmp</name>
+ <range><lt>5.4.2.1</lt></range>
+ </package>
+ <package>
+ <name>net-snmp53</name>
+ <range><lt>5.3.2.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wes Hardaker reports through sourceforge.net forum:</p>
+ <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=882903">
+ <p>SECURITY ISSUE: A bug in the getbulk handling code could
+ let anyone with even minimal access crash the agent. If you
+ have open access to your snmp agents (bad bad bad; stop doing
+ that!) or if you don't trust everyone that does have access to
+ your agents you should updated immediately to prevent
+ potential denial of service attacks.</p>
+ </blockquote>
+ <p>Description at cve.mitre.org additionally clarifies:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309">
+ <p>Integer overflow in the netsnmp_create_subtree_cache
+ function in agent/snmp_agent.c in net-snmp 5.4 before
+ 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows
+ remote attackers to cause a denial of service (crash) via
+ a crafted SNMP GETBULK request, which triggers a heap-based
+ buffer overflow, related to the number of responses or
+ repeats.</p>
+ </blockquote>
</body>
</description>
<references>