The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 00:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List | |
References | () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product | |
References | () http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product | |
References | () http://secunia.com/advisories/34499 - Broken Link | |
References | () http://secunia.com/advisories/35416 - Broken Link | |
References | () http://secunia.com/advisories/35685 - Broken Link | |
References | () http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List | |
References | () http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable | |
References | () http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link |
12 Jan 2024, 20:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux
Suse linux Enterprise Suse Redhat Opensuse opensuse Opensuse |
|
CPE | cpe:2.3:a:net-snmp:net-snmp:5.4.2:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.2.1.2_r1:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:* cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.2.4:*:*:*:*:*:*:* cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:* cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:* cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:* |
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:* cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:* |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/2 - Mailing List | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=485211 - Issue Tracking, Patch | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-0295.html - Not Applicable | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/4 - Mailing List | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Mailing List | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/02/12/7 - Mailing List | |
References | (SECTRACK) http://www.securitytracker.com/id?1021921 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=250429 - Exploit, Issue Tracking | |
References | (MISC) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 - Product | |
References | (SECUNIA) http://secunia.com/advisories/34499 - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/35685 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html - Mailing List | |
References | (CONFIRM) http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 - Product | |
References | (SECUNIA) http://secunia.com/advisories/35416 - Broken Link | |
CWE | CWE-863 |
Information
Published : 2009-02-12 16:30
Updated : 2024-11-21 00:55
NVD link : CVE-2008-6123
Mitre link : CVE-2008-6123
CVE.ORG link : CVE-2008-6123
JSON object : View
Products Affected
opensuse
- opensuse
suse
- linux_enterprise
net-snmp
- net-snmp
redhat
- enterprise_linux
CWE
CWE-863
Incorrect Authorization