CVE-2008-6123 — Incorrect Authorization in Net-snmp

CWE-863 — Incorrect Authorization CWE-20 — Improper Input Validation8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Opensuse Redhat Enterprise Linux +1 more

Timeline

PublishedFeb 12

Latest updateMay 17

Description

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debiannet-snmp/net-snmp< 5.4.3~dfsg-1+3

▶NVDnet-snmp/net-snmp5.0.9 — 5.4.2.1

▶NVDopensuse/opensuse10.3-11.1, 11.2+1

Also affects: Linux Enterprise 9-11, Enterprise Linux 3.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-85rg-g6cg-264m: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain↗2022-05-17

▶

CVEList

CVE-2008-6123: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain↗2009-02-12

▶

OSV

CVE-2008-6123: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain↗2009-02-12

▶

📋Vendor Advisories

Ubuntu

Net-SNMP vulnerability↗2010-06-02

▶

Red Hat

net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}↗2008-12-09

▶

Debian

CVE-2008-6123: net-snmp - The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 thr...↗2008

▶

💬Community

Bugzilla

CVE-2008-6123 net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}↗2009-02-12

▶