Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-6123

Published: 12/02/2009 Updated: 12/01/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Net-snmp

Vulnerability Summary

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 up to and including 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote malicious users to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Vulnerable Product Search on Vulmon Subscribe to Product

net-snmp net-snmp

opensuse opensuse 11.2

suse linux enterprise 9-11

opensuse opensuse 10.3-11.1

redhat enterprise linux 3.0

Vendor Advisories

Red Hat: Moderate: net-snmp security update
Synopsis Moderate: net-snmp security update Type/Severity Security Advisory: Moderate Topic Updated net-snmp packages that fix a security issue are now available forRed Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team Descrip ...
Debian CVElist Bug Report Logs: CVE-2008-6123: Access restriction bypass
Debian Bug report logs - #516801 CVE-2008-6123: Access restriction bypass Package: net-snmp; Maintainer for net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 23 Feb 2009 18:45:01 UTC Severity: grave Tags: security Fixed in ve ...
Ubuntu Security Notice: net-snmp vulnerability
UDP clients might be able to bypass access restrictions of the SNMP server ...

References

CWE-863http://www.openwall.com/lists/oss-security/2009/02/12/2http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367https://bugzilla.redhat.com/show_bug.cgi?id=485211http://www.openwall.com/lists/oss-security/2009/02/12/4http://bugs.gentoo.org/show_bug.cgi?id=250429http://www.openwall.com/lists/oss-security/2009/02/12/7http://www.securitytracker.com/id?1021921http://www.redhat.com/support/errata/RHSA-2009-0295.htmlhttp://secunia.com/advisories/34499http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://secunia.com/advisories/35416http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://secunia.com/advisories/35685http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289https://access.redhat.com/errata/RHSA-2009:0295https://usn.ubuntu.com/946-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook