CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Published: 2009-02-12 16:30
Updated: 2017-09-29 01:32

CVSS Score: 5.0 / 10
Vendor | Product | Version | URI
Net-snmp | Net-snmp | 5.2.4 | cpe:/a:net-snmp:net-snmp:5.2.4
Net-snmp | Net Snmp | 5.3.0.1 | cpe:/o:net-snmp:net_snmp:5.3.0.1
Net-snmp | Net-snmp | 5.4.2 | cpe:/a:net-snmp:net-snmp:5.4.2
Net-snmp | Net-snmp | 5.1.4 | cpe:/a:net-snmp:net-snmp:5.1.4
Net-snmp | Net-snmp | 5.4.1 | cpe:/a:net-snmp:net-snmp:5.4.1
Net-snmp | Net-snmp | 5.2 | cpe:/a:net-snmp:net-snmp:5.2
Net-snmp | Net-snmp | 5.1.3 | cpe:/a:net-snmp:net-snmp:5.1.3
Net-snmp | Net-snmp | 5.1.2 | cpe:/a:net-snmp:net-snmp:5.1.2
Net-snmp | Net-snmp | 5.2.1 | cpe:/a:net-snmp:net-snmp:5.2.1
Net-snmp | Net-snmp | 5.0.10 | cpe:/a:net-snmp:net-snmp:5.0.10
Net-snmp | Net-snmp | 5.2.1.2_r1 | cpe:/a:net-snmp:net-snmp:5.2.1.2_r1
Net-snmp | Net-snmp | 5.0.9 | cpe:/a:net-snmp:net-snmp:5.0.9
Net-snmp | Net-snmp | 5.3.2.2 | cpe:/a:net-snmp:net-snmp:5.3.2.2
Net-snmp | Net Snmp | 5.4 | cpe:/o:net-snmp:net_snmp:5.4
Net-snmp | Net Snmp | 5.1.1 | cpe:/o:net-snmp:net_snmp:5.1.1
Net-snmp | Net-snmp | 5.2.5 | cpe:/a:net-snmp:net-snmp:5.2.5
Net-snmp | Net-snmp | 5.4 | cpe:/a:net-snmp:net-snmp:5.4
Net-snmp | Net-snmp | 5.3 | cpe:/a:net-snmp:net-snmp:5.3
Net-snmp | Net Snmp | 5.1 | cpe:/o:net-snmp:net_snmp:5.1

CWE

ID | Name | Description
CWE-20 | Improper Input Validation | The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date | Event
2009-02-12 16:30 | New CVE