CVE-2008-6123 - Incorrect Authorization vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
OS | | 2 |
OS | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_NET-SNMP-6248.NASL |
description | With this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41562 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41562 |
title | SuSE 10 Security Update : net-snmp (ZYPP Patch Number 6248) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-056.NASL |
description | A vulnerability has been identified and corrected in net-snmp : The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) The updated packages have been patched to prevent this. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36601 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36601 |
title | Mandriva Linux Security Advisory : net-snmp (MDVSA-2009:056) |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0017_NET-SNMP.NASL |
description | The remote NewStart CGSL host, running version MAIN 5.04, has net-snmp packages installed that are affected by multiple vulnerabilities: - SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. (CVE-2008-0960) - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). (CVE-2008-2292) - Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. (CVE-2008-4309) - The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127171 |
published | 2019-08-12 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127171 |
title | NewStart CGSL MAIN 5.04 : net-snmp Multiple Vulnerabilities (NS-SA-2019-0017) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2009-0295.NASL |
description | From Red Hat Security Advisory 2009:0295 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67806 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67806 |
title | Oracle Linux 3 : net-snmp (ELSA-2009-0295) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2009-0295.NASL |
description | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36021 |
published | 2009-03-27 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36021 |
title | CentOS 3 : net-snmp (CESA-2009:0295) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_LIBSNMP15-090514.NASL |
description | With this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40047 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40047 |
title | openSUSE Security Update : libsnmp15 (libsnmp15-879) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20090326_NET_SNMP_ON_SL3_X.NASL |
description | It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60556 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60556 |
title | Scientific Linux Security Update : net-snmp on SL3.x i386/x86_64 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2009-0295.NASL |
description | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36029 |
published | 2009-03-27 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36029 |
title | RHEL 3 : net-snmp (RHSA-2009:0295) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-946-1.NASL |
description | The SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 65124 |
published | 2013-03-09 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/65124 |
title | Ubuntu 10.04 LTS : net-snmp vulnerability (USN-946-1) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201001-05.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201001-05 (net-snmp: Authorization bypass) The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Impact : A remote, unauthenticated attacker could bypass the ACL filtering, possibly resulting in the execution of arbitrary SNMP queries. Workaround : If possible, protect net-snmp with custom iptables rules: iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44894 |
published | 2010-02-25 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44894 |
title | GLSA-201001-05 : net-snmp: Authorization bypass |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-1769.NASL |
description | - Mon Feb 16 2009 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-3 - fix tcp_wrappers integration (CVE-2008-6123) - Mon Dec 1 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-2 - rebuild for fixed rpm (#473420) - Mon Nov 3 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-1 - explicitly require the right version and release of net-snmp and net-snmp-libs - update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36301 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36301 |
title | Fedora 10 : net-snmp-5.4.2.1-3.fc10 (2009-1769) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_2_LIBSNMP15-100204.NASL |
description | This update of net-snmp fixes the following bugs : - truncated walk of hrSWRunPath (bnc#565586) - crash when 64-bit counters wrap (bnc#523553) - unknown host names in snmp traps (bnc#514333) - sensitive host information disclosure (bnc#475532, CVE-2008-6123) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44403 |
published | 2010-02-07 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44403 |
title | openSUSE Security Update : libsnmp15 (libsnmp15-1922) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_LIBSNMP15-090514.NASL |
description | With this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40269 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40269 |
title | openSUSE Security Update : libsnmp15 (libsnmp15-879) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_LIBSNMP15-6247.NASL |
description | With this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38950 |
published | 2009-05-29 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38950 |
title | openSUSE 10 Security Update : libsnmp15 (libsnmp15-6247) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12441.NASL |
description | With this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41306 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41306 |
title | SuSE9 Security Update : net-snmp (YOU Patch Number 12441) |
Oval
accepted | 2013-04-29T04:04:21.138-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." |
family | unix |
id | oval:org.mitre.oval:def:10289 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." |
version | 27 |
Redhat
advisories | |
rpms | |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 33755 CVE(CAN) ID: CVE-2008-6123 Net-SNMP is a free, open-source SNMP implementation, formerly known as UCD-SNMP. When TCP wrappers are used to authorize clients, the netsnmp_udp_fmtaddr function in Net-SNMP's snmplib/snmpUDPDomain.c does not correctly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions, execute SNMP queries, and obtain sensitive host information. 0 Net-SNMP 5.4.2.1 Vendor patch: Net-SNMP: The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 |
id | SSV:4761 |
last seen | 2017-11-19 |
modified | 2009-02-13 |
published | 2009-02-13 |
reporter | Root |
title | Net-snmp TCP Wrapper remote information disclosure vulnerability |
References
- http://www.openwall.com/lists/oss-security/2009/02/12/2
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
- https://bugzilla.redhat.com/show_bug.cgi?id=485211
- http://www.openwall.com/lists/oss-security/2009/02/12/4
- http://bugs.gentoo.org/show_bug.cgi?id=250429
- http://www.openwall.com/lists/oss-security/2009/02/12/7
- http://www.securitytracker.com/id?1021921
- http://www.redhat.com/support/errata/RHSA-2009-0295.html
- http://secunia.com/advisories/34499
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://secunia.com/advisories/35416
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/35685
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289