CVE-2008-6123 — MEDIUM (5.0)

Q: How severe is CVE-2008-6123?

CVE-2008-6123 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-6123?

Check the references section above for vendor advisories and patch information. Affected products include: Net-Snmp Net-Snmp, Opensuse Opensuse, Suse Linux Enterprise, Redhat Enterprise Linux.

Vulnerability Description

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Net-Snmp	Net-Snmp	>= 5.0.9, <= 5.4.2.1
Opensuse	Opensuse	10.3-11.1
Suse	Linux Enterprise	9-11
Redhat	Enterprise Linux	3.0

Related Weaknesses (CWE)

CWE-863

References

http://bugs.gentoo.org/show_bug.cgi?id=250429ExploitIssue Tracking
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.htmlMailing List
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUProduct
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367Product
http://secunia.com/advisories/34499Broken Link
http://secunia.com/advisories/35416Broken Link
http://secunia.com/advisories/35685Broken Link
http://www.openwall.com/lists/oss-security/2009/02/12/2Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/4Mailing List
http://www.openwall.com/lists/oss-security/2009/02/12/7Mailing List
http://www.redhat.com/support/errata/RHSA-2009-0295.htmlNot Applicable
http://www.securitytracker.com/id?1021921Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=485211Issue TrackingPatch

FAQ

What is CVE-2008-6123?

CVE-2008-6123 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows ...

How severe is CVE-2008-6123?

CVE-2008-6123 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-6123?

Check the references section above for vendor advisories and patch information. Affected products include: Net-Snmp Net-Snmp, Opensuse Opensuse, Suse Linux Enterprise, Redhat Enterprise Linux.