This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200808-02
(Net-SNMP: Multiple vulnerabilities)
Wes Hardaker reported that the SNMPv3 HMAC verification relies on the
client to specify the HMAC length (CVE-2008-0960). John Kortink
reported a buffer overflow in the Perl bindings of Net-SNMP when
processing the OCTETSTRING in an attribute value pair (AVP) received by
an SNMP agent (CVE-2008-2292).
An attacker could send SNMPv3 packets to an instance of snmpd providing
a valid user name and an HMAC length value of 1, and easily conduct
brute-force attacks to bypass SNMP authentication. An attacker could
further entice a user to connect to a malicious SNMP agent with an SNMP
client using the Perl bindings, possibly resulting in the execution of
There is no known workaround at this time.
See also :
All Net-SNMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/net-snmp-184.108.40.206'
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true