Vulnerability CVE-2007-5623

Vulnerability Name:

CVE-2007-5623 (CCN-37460)

Assigned:

2007-10-17

Published:

2007-10-17

Updated:

2011-03-08

Summary:

Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Obtain Information

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=196308

Source: MITRE
Type: CNA
CVE-2007-5623

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:1702

Source: CCN
Type: Nagios Plugins Web site
Nagios Plugins

Source: CCN
Type: SA27419
Nagios Plugins "check_snmp" Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
27419

Source: SECUNIA
Type: UNKNOWN
27496

Source: SECUNIA
Type: UNKNOWN
27609

Source: SECUNIA
Type: UNKNOWN
27965

Source: SECUNIA
Type: UNKNOWN
28930

Source: GENTOO
Type: UNKNOWN
GLSA-200711-11

Source: CCN
Type: SourceForge.net: Detail: 1815362
Nagios Plugin Development - check_snmp buffer overflow when parsing snmpget replies

Source: MISC
Type: UNKNOWN
http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880

Source: DEBIAN
Type: UNKNOWN
DSA-1495

Source: DEBIAN
Type: DSA-1495
nagios-plugins -- buffer overflows

Source: CCN
Type: GLSA-200711-11
Nagios Plugins: Two buffer overflows

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:067

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:025

Source: CCN
Type: OSVDB ID: 40391
Nagios Plugins check_snmp Function Crafted snmpget Reply Remote DoS

Source: BID
Type: UNKNOWN
26215

Source: CCN
Type: BID-26215
Nagios Plugins SNMP GET Reply Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3629

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=348731

Source: XF
Type: UNKNOWN
nagios-plugins-checksnmp-bo(37460)

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2713

Source: SUSE
Type: SUSE-SR:2007:025
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:nagios:plugins:1.4.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42404	P	Security update for s390-tools (Important)	2022-07-06
oval:org.opensuse.security:def:20075623	V	CVE-2007-5623	2022-06-30
oval:org.opensuse.security:def:42196	P	Security update for virglrenderer (Important)	2022-02-17
oval:org.opensuse.security:def:112990	P	monitoring-plugins-2.3.1-3.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31752	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26225	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:26224	P	Security update for libvirt (Important)	2022-01-05
oval:org.opensuse.security:def:31715	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:31716	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:26176	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:31710	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:32217	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:31304	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31696	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:106437	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:26140	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:31268	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:31681	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:26123	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:32178	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31256	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31257	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32169	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:26083	P	Security update for zziplib (Moderate)	2021-06-25
oval:org.opensuse.security:def:32129	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26071	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:36249	P	nagios-plugins-1.4.16-0.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42656	P	nagios-plugins-1.4.16-0.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26057	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:31623	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:31172	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32082	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32073	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:32283	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:31342	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:31727	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:32239	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:32921	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:32960	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:31098	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:31566	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:31086	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:31087	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:32010	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:25972	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35618	P	nagios-plugins-1.4.13-1.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42025	P	nagios-plugins-1.4.13-1.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25969	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:35789	P	nagios-plugins-1.4.13-1.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35997	P	nagios-plugins-1.4.16-0.11.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25351	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25681	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27212	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25547	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:25831	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26428	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:31906	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26375	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32032	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31540	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:32430	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33173	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31464	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31773	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26583	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:32325	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25169	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25373	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25746	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26278	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25415	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:25765	P	Security update for Adobe Flash Player (Important)	2020-12-01
oval:org.opensuse.security:def:26516	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27247	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25558	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26477	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:32544	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25799	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32469	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:33212	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31475	P	Security update for procps (Moderate)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:25887	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26618	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32025	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:25848	P	Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:26753	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25170	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:25454	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:26322	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25339	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:25543	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:25916	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26530	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25622	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:31840	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:32583	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25810	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31971	P	Security update for jakarta-commons-collections (Moderate)	2020-12-01
oval:org.opensuse.security:def:32714	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31396	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31922	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:31474	P	Security update for procmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:31866	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32491	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31549	P	Security update for screen (Low)	2020-12-01
oval:org.opensuse.security:def:31917	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25901	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26788	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25181	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25511	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:26018	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:26960	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25340	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25624	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:26574	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25546	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25750	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:31862	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25874	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32753	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31453	P	Security update for postgresql10 (Low)	2020-12-01
oval:org.opensuse.security:def:32535	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31463	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25945	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:31801	P	security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:25245	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:25595	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26264	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26995	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:7850	P	DSA-1495 nagios-plugins -- buffer overflows	2014-06-23
oval:org.mitre.oval:def:18454	P	DSA-1495-1 nagios-plugins - several	2014-06-23
oval:org.debian:def:1495	V	buffer overflows	2008-02-12

BACK