oss-sec mailing list archives
CVE Request -- net-snmp (sensitive host information disclosure)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 12 Feb 2009 14:38:09 +0100
Hello Steve, a possibility of sensitive host information disclosure was found in the net-snmp package, due to source/destination IP address confusion -- could you please allocate a new CVE-2008 identifier for it? References: http://bugs.gentoo.org/show_bug.cgi?id=250429 https://bugzilla.redhat.com/show_bug.cgi?id=485211 Upstream patch: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 Affected net-snmp versions: net-snmp-5.0.9 (older versions probably too) <= x <= net-snmp-5.4.2 (till the above upstream commit) Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- net-snmp (sensitive host information disclosure) Jan Lieskovsky (Feb 12)
- Re: CVE Request -- net-snmp (sensitive host information disclosure) Steven M. Christey (Feb 12)
- Re: CVE Request -- net-snmp (sensitive host information disclosure) Jan Lieskovsky (Feb 12)
- Re: CVE Request -- net-snmp (sensitive host information disclosure) Robert Buchholz (Feb 12)
- Re: CVE Request -- net-snmp (sensitive host information disclosure) Jan Lieskovsky (Feb 13)
- Re: CVE Request -- net-snmp (sensitive host information disclosure) Steven M. Christey (Feb 12)