National Cyber Awareness System

Vulnerability Summary for CVE-2008-6123

Overview

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=485211

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=485211

External Source: SECTRACK

Name: 1021921

Hyperlink:http://www.securitytracker.com/id?1021921

External Source: REDHAT

Name: RHSA-2009:0295

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0295.html

External Source: MLIST

Name: [oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)

Hyperlink:http://www.openwall.com/lists/oss-security/2009/02/12/7

External Source: MLIST

Name: [oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)

Hyperlink:http://www.openwall.com/lists/oss-security/2009/02/12/4

External Source: MLIST

Name: [oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)

Hyperlink:http://www.openwall.com/lists/oss-security/2009/02/12/2

External Source: SECUNIA

Name: 35685

Hyperlink:http://secunia.com/advisories/35685

External Source: SECUNIA

Name: 35416

Hyperlink:http://secunia.com/advisories/35416

External Source: SECUNIA

Name: 34499

Hyperlink:http://secunia.com/advisories/34499

External Source: OVAL

Name: oval:org.mitre.oval:def:10289

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10289

External Source: CONFIRM

Name: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

Hyperlink:http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

External Source: MISC

Name: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

Hyperlink:http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

External Source: SUSE

Name: SUSE-SR:2010:003

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

External Source: SUSE

Name: SUSE-SR:2009:012

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

External Source: SUSE

Name: SUSE-SR:2009:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

External Source: CONFIRM

Name: http://bugs.gentoo.org/show_bug.cgi?id=250429

Hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=250429

References to Check Content

Identifier:oval:org.mitre.oval:def:10289

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10289