Ubuntu
net-snmp package

Overview
Code
Bugs
Blueprints
Translations
Answers

Jaunty (9.04)
Bug #331410
Comment #17

Comment 17 for bug 331410

Revision history for this message

In Red Hat Bugzilla #485211, Jan (jan-redhat-bugs) wrote on 2009-02-12:

#17

Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6123 to
the following vulnerability:

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
5.0.9 through 5.4.2, when using TCP wrappers for client authorization,
does not properly parse hosts.allow rules, which allows remote
attackers to bypass intended access restrictions and execute SNMP
queries, related to "source/destination IP address confusion."

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
http://www.openwall.com/lists/oss-security/2009/02/12/2
http://bugs.gentoo.org/show_bug.cgi?id=250429
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
:http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

Ubuntunet-snmp package

Comment 17 for bug 331410

Ubuntu
net-snmp package