CVE-2008-6123 Information

Description

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Reference

http://bugs.gentoo.org/show_bug.cgi?id=250429
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
http://secunia.com/advisories/34499
http://secunia.com/advisories/35416
http://secunia.com/advisories/35685
http://www.openwall.com/lists/oss-security/2009/02/12/2
http://www.openwall.com/lists/oss-security/2009/02/12/4
http://www.openwall.com/lists/oss-security/2009/02/12/7
http://www.redhat.com/support/errata/RHSA-2009-0295.html
http://www.securitytracker.com/id?1021921
https://bugzilla.redhat.com/show_bug.cgi?id=485211
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10289
