Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6123

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6123
Last Modified 21 Aug 2010 01:27:31
Published 12 Feb 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6123

Summary

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Vulnerable Systems

Operating System

  • Net-snmp Net Snmp 5.1

  • Net-snmp Net Snmp 5.1.1

  • Net-snmp Net Snmp 5.3.0.1

  • Net-snmp Net Snmp 5.4

Application

  • Net-snmp 5.0.10

  • Net-snmp 5.0.9

  • Net-snmp 5.1.2

  • Net-snmp 5.1.3

  • Net-snmp 5.1.4

  • Net-snmp 5.2

  • Net-snmp 5.2.1

  • Net-snmp 5.2.1.2 R1

  • Net-snmp 5.2.4

  • Net-snmp 5.2.5

  • Net-snmp 5.3

  • Net-snmp 5.3.2.2

  • Net-snmp 5.4

  • Net-snmp 5.4.1

  • Net-snmp 5.4.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=485211

SECTRACK - 1021921

REDHAT - RHSA-2009:0295

MLIST - [oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)

MLIST - [oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)

MLIST - [oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)

SECUNIA - 35685

SECUNIA - 35416

SECUNIA - 34499

CONFIRM - http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

MISC - http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

SUSE - SUSE-SR:2010:003

SUSE - SUSE-SR:2009:012

SUSE - SUSE-SR:2009:011

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=250429


Last Updated: 27 May 2016 10:49:04