CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*

History

12 Jan 2024, 20:41

Type Values Removed Values Added
First Time Redhat enterprise Linux
Suse linux Enterprise
Suse
Redhat
Opensuse opensuse
Opensuse
CPE cpe:2.3:a:net-snmp:net-snmp:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.1.2_r1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
References (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List
References (SECTRACK) http://www.securitytracker.com/id?1021921 - (SECTRACK) http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking
References (MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - (MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product
References (SECUNIA) http://secunia.com/advisories/34499 - (SECUNIA) http://secunia.com/advisories/34499 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link
References (SECUNIA) http://secunia.com/advisories/35685 - (SECUNIA) http://secunia.com/advisories/35685 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List
References (CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - (CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product
References (SECUNIA) http://secunia.com/advisories/35416 - (SECUNIA) http://secunia.com/advisories/35416 - Broken Link
CWE CWE-20 CWE-863

Information

Published : 2009-02-12 16:30

Updated : 2024-02-28 11:21


NVD link : CVE-2008-6123

Mitre link : CVE-2008-6123

CVE.ORG link : CVE-2008-6123


JSON object : View

Products Affected

net-snmp

  • net-snmp

opensuse

  • opensuse

redhat

  • enterprise_linux

suse

  • linux_enterprise
CWE
CWE-863

Incorrect Authorization