This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200808-02
(Net-SNMP: Multiple vulnerabilities)
Wes Hardaker reported that the SNMPv3 HMAC verification relies on the
client to specify the HMAC length (CVE-2008-0960). John Kortink
reported a buffer overflow in the Perl bindings of Net-SNMP when
processing the OCTETSTRING in an attribute value pair (AVP) received by
an SNMP agent (CVE-2008-2292).
An attacker could send SNMPv3 packets to an instance of snmpd providing
a valid user name and an HMAC length value of 1, and easily conduct
brute-force attacks to bypass SNMP authentication. An attacker could
further entice a user to connect to a malicious SNMP agent with an SNMP
client using the Perl bindings, possibly resulting in the execution of
There is no known workaround at this time.
See also :
All Net-SNMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/net-snmp-220.127.116.11'
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 33832 (gentoo_GLSA-200808-02.nasl)
Bugtraq ID: 2921229623
CVE ID: CVE-2008-0960CVE-2008-2292
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.