[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-6123

Date: (C)2009-02-12   (M)2017-10-04
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Reference:
SECTRACK-1021921
SECUNIA-34499
SECUNIA-35416
SECUNIA-35685
RHSA-2009:0295
SUSE-SR:2009:011
SUSE-SR:2009:012
SUSE-SR:2010:003
http://www.openwall.com/lists/oss-security/2009/02/12/2
http://www.openwall.com/lists/oss-security/2009/02/12/7
http://www.openwall.com/lists/oss-security/2009/02/12/4
http://bugs.gentoo.org/show_bug.cgi?id=250429
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
https://bugzilla.redhat.com/show_bug.cgi?id=485211

CPE    5
cpe:/a:net-snmp:net-snmp:5.4
cpe:/a:net-snmp:net-snmp:5.3
cpe:/a:net-snmp:net-snmp:5.0.9
cpe:/a:net-snmp:net-snmp:5.1.2
...
CWE    1
CWE-20
OVAL    8
oval:org.secpod.oval:def:700085
oval:org.secpod.oval:def:200294
oval:org.secpod.oval:def:300504
oval:org.secpod.oval:def:500561
...

© 2013 SecPod Technologies