[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-6123Date: (C)2009-02-12   (M)2018-06-11


The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 5.0
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: NONE
Confidentiality: Availability: NONE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1021921
SECUNIA-34499
SECUNIA-35416
SECUNIA-35685
RHSA-2009:0295
SUSE-SR:2009:011
SUSE-SR:2009:012
SUSE-SR:2010:003
http://www.openwall.com/lists/oss-security/2009/02/12/2
http://www.openwall.com/lists/oss-security/2009/02/12/7
http://www.openwall.com/lists/oss-security/2009/02/12/4
http://bugs.gentoo.org/show_bug.cgi?id=250429
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
https://bugzilla.redhat.com/show_bug.cgi?id=485211

CPE    5
cpe:/a:net-snmp:net-snmp:5.2
cpe:/a:net-snmp:net-snmp:5.0.9
cpe:/a:net-snmp:net-snmp:5.4
cpe:/a:net-snmp:net-snmp:5.3
...
CWE    1
CWE-20
OVAL    8
oval:org.secpod.oval:def:700085
oval:org.secpod.oval:def:101541
oval:org.secpod.oval:def:200244
oval:org.secpod.oval:def:200294
...

© SecPod Technologies