Comment 16 for bug 331410

Revision history for this message
In , Jan (jan-redhat-bugs) wrote :

A possibility of sensitive host information disclosure was found in the
implementation of SNMP protocol as defined in RFC 1065, RFC 1066, and RFC 1067.
If the snmpd deamon was running on the host, it served the SNMP queries
regardless of the fact, the IP address of the requester was not mentioned in
the list of hosts allowed to issue / request SNMP MIB objects information.
Remote attacker could use this flaw to gain host related sensitive information
via performing a SNMP query.

References:
http://bugs.gentoo.org/show_bug.cgi?id=250429

Upstream patch:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367