Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Published

2009-02-12T16:30:00.187

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	net-snmp	net-snmp	≤ 5.4.2.1	Yes
Operating System	opensuse	opensuse	10.3-11.1	Yes
Operating System	opensuse	opensuse	11.2	Yes
Operating System	suse	linux_enterprise	9-11	Yes
Operating System	redhat	enterprise_linux	3.0	Yes

References

http://bugs.gentoo.org/show_bug.cgi?id=250429 Exploit, Issue Tracking ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html Mailing List ([email protected])
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 Product ([email protected])
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 Product ([email protected])
http://secunia.com/advisories/34499 Broken Link ([email protected])
http://secunia.com/advisories/35416 Broken Link ([email protected])
http://secunia.com/advisories/35685 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2009/02/12/2 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2009/02/12/4 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2009/02/12/7 Mailing List ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0295.html Not Applicable ([email protected])
http://www.securitytracker.com/id?1021921 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=485211 Issue Tracking, Patch ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 Broken Link ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=250429 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 Product (af854a3a-2127-422b-91ae-364da2661108)
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 Product (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34499 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35416 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35685 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/02/12/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/02/12/4 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/02/12/7 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0295.html Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021921 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=485211 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 Broken Link (af854a3a-2127-422b-91ae-364da2661108)