CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
References

Link - Resource
http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product
http://secunia.com/advisories/34499 - Broken Link
http://secunia.com/advisories/35416 - Broken Link
http://secunia.com/advisories/35685 - Broken Link
http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List
http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable
http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link
Configurations

Configuration 1

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:55

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking () http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking
References () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List
References () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product
References () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product
References () http://secunia.com/advisories/34499 - Broken Link () http://secunia.com/advisories/34499 - Broken Link
References () http://secunia.com/advisories/35416 - Broken Link () http://secunia.com/advisories/35416 - Broken Link
References () http://secunia.com/advisories/35685 - Broken Link () http://secunia.com/advisories/35685 - Broken Link
References () http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List () http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List
References () http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List () http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List
References () http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List () http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List
References () http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable () http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable
References () http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link

12 Jan 2024, 20:41

Type Values Removed Values Added
First Time Redhat enterprise Linux
Suse linux Enterprise
Suse
Redhat
Opensuse opensuse
Opensuse
CPE cpe:2.3:a:net-snmp:net-snmp:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.1.2_r1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List
References (SECTRACK) http://www.securitytracker.com/id?1021921 - (SECTRACK) http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking
References (MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - (MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product
References (SECUNIA) http://secunia.com/advisories/34499 - (SECUNIA) http://secunia.com/advisories/34499 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link
References (SECUNIA) http://secunia.com/advisories/35685 - (SECUNIA) http://secunia.com/advisories/35685 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List
References (CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - (CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product
References (SECUNIA) http://secunia.com/advisories/35416 - (SECUNIA) http://secunia.com/advisories/35416 - Broken Link
CWE CWE-20 CWE-863

Information

Published : 2009-02-12 16:30

Updated : 2024-11-21 00:55


NVD link : CVE-2008-6123

Mitre link : CVE-2008-6123

CVE.ORG link : CVE-2008-6123



Products Affected

opensuse

  • opensuse

suse

  • linux_enterprise

net-snmp

  • net-snmp

redhat

  • enterprise_linux
CWE
CWE-863

Incorrect Authorization