CVE-2008-6123

net-snmp 5.0.9 through 5.4.2.1 - Access Restriction Bypass

Description

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

References (16)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/12/2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/12/7
Exploit, Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=250429
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=485211
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/12/4
Not Applicable vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0295.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34499
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35416
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021921

Scores

EPSS 0.0063
EPSS Percentile 70.4%

Details

CWE
CWE-863
Status published
Products (5)
net-snmp/net-snmp 5.0.9 - 5.4.2.1
opensuse/opensuse 10.3-11.1
opensuse/opensuse 11.2
redhat/enterprise_linux 3.0
suse/linux_enterprise 9-11
Published Feb 12, 2009
Tracked Since Feb 18, 2026