CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=250429	Exploit Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html	Mailing List
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367	Product
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367	Product
http://secunia.com/advisories/34499	Broken Link
http://secunia.com/advisories/35416	Broken Link
http://secunia.com/advisories/35685	Broken Link
http://www.openwall.com/lists/oss-security/2009/02/12/2	Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/4	Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/7	Mailing List
http://www.redhat.com/support/errata/RHSA-2009-0295.html	Not Applicable
http://www.securitytracker.com/id?1021921	Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=485211	Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289	Broken Link
http://bugs.gentoo.org/show_bug.cgi?id=250429	Exploit Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html	Mailing List
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367	Product
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367	Product
http://secunia.com/advisories/34499	Broken Link
http://secunia.com/advisories/35416	Broken Link
http://secunia.com/advisories/35685	Broken Link
http://www.openwall.com/lists/oss-security/2009/02/12/2	Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/4	Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/7	Mailing List
http://www.redhat.com/support/errata/RHSA-2009-0295.html	Not Applicable
http://www.securitytracker.com/id?1021921	Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=485211	Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:10.3-11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:suse:linux_enterprise:9-11:::::::*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:55

12 Jan 2024, 20:41

Information

Published : 2009-02-12 16:30

Updated : 2024-11-21 00:55

NVD link : CVE-2008-6123

Mitre link : CVE-2008-6123

CVE.ORG link : CVE-2008-6123

JSON object : View

Products Affected

opensuse

opensuse

suse

linux_enterprise

net-snmp

net-snmp

redhat

enterprise_linux

CWE

CWE-863

Incorrect Authorization

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Suse linux Enterprise Suse Redhat Opensuse opensuse Opensuse
CPE	cpe:2.3:a:net-snmp:net-snmp:5.2.1:::::::* cpe:2.3:a:net-snmp:net-snmp:5.4.2:::::::* cpe:2.3:a:net-snmp:net-snmp:5.2:::::::* cpe:2.3:a:net-snmp:net-snmp:5.2.1.2_r1:::::::* cpe:2.3:a:net-snmp:net-snmp:5.4:::::::* cpe:2.3:a:net-snmp:net-snmp:5.1.3:::::::* cpe:2.3:a:net-snmp:net-snmp:5.3:::::::* cpe:2.3:o:net-snmp:net_snmp:5.1:::::::* cpe:2.3:a:net-snmp:net-snmp:5.4.1:::::::* cpe:2.3:a:net-snmp:net-snmp:5.1.2:::::::* cpe:2.3:a:net-snmp:net-snmp:5.1.4:::::::* cpe:2.3:a:net-snmp:net-snmp:5.2.4:::::::* cpe:2.3:o:net-snmp:net_snmp:5.4:::::::* cpe:2.3:a:net-snmp:net-snmp:5.0.10:::::::* cpe:2.3:a:net-snmp:net-snmp:5.0.9:::::::* cpe:2.3:o:net-snmp:net_snmp:5.1.1:::::::* cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:::::::* cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:::::::* cpe:2.3:a:net-snmp:net-snmp:5.2.5:::::::*	cpe:2.3:o:opensuse:opensuse:11.2:::::::* cpe:2.3:o:opensuse:opensuse:10.3-11.1:::::::* cpe:2.3:o:redhat:enterprise_linux:3.0:::::::* cpe:2.3:a:net-snmp:net-snmp:::::::: cpe:2.3:o:suse:linux_enterprise:9-11:::::::*
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List
References	~~(SECTRACK) http://www.securitytracker.com/id?1021921 -~~	(SECTRACK) http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 -~~	(CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking
References	~~(MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 -~~	(MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product
References	~~(SECUNIA) http://secunia.com/advisories/34499 -~~	(SECUNIA) http://secunia.com/advisories/34499 - Broken Link
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/35685 -~~	(SECUNIA) http://secunia.com/advisories/35685 - Broken Link
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List
References	~~(CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 -~~	(CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product
References	~~(SECUNIA) http://secunia.com/advisories/35416 -~~	(SECUNIA) http://secunia.com/advisories/35416 - Broken Link
CWE	~~CWE-20~~	CWE-863

5.0 /10