Vulnerabilities > CVE-2008-6123 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
net-snmp
opensuse
suse
redhat
CWE-863
nessus
NVD
Published: 2009-02-12
Updated: 2024-01-12

Summary

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Vulnerable Configurations

Part Description Count
Application
Net-Snmp
8
OS
Opensuse
2
OS
Suse
1
OS
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_NET-SNMP-6248.NASL
    descriptionWith this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved.
    last seen2020-06-01
    modified2020-06-02
    plugin id41562
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41562
    titleSuSE 10 Security Update : net-snmp (ZYPP Patch Number 6248)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-056.NASL
    descriptionA vulnerability has been identified and corrected in net-snmp : The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) The updated packages have been patched to prevent this.
    last seen2020-06-01
    modified2020-06-02
    plugin id36601
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36601
    titleMandriva Linux Security Advisory : net-snmp (MDVSA-2009:056)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0017_NET-SNMP.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has net-snmp packages installed that are affected by multiple vulnerabilities: - SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. (CVE-2008-0960) - Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). (CVE-2008-2292) - Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. (CVE-2008-4309) - The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127171
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127171
    titleNewStart CGSL MAIN 5.04 : net-snmp Multiple Vulnerabilities (NS-SA-2019-0017)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0295.NASL
    descriptionFrom Red Hat Security Advisory 2009:0295 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in
    last seen2020-06-01
    modified2020-06-02
    plugin id67806
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67806
    titleOracle Linux 3 : net-snmp (ELSA-2009-0295)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0295.NASL
    descriptionUpdated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in
    last seen2020-06-01
    modified2020-06-02
    plugin id36021
    published2009-03-27
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36021
    titleCentOS 3 : net-snmp (CESA-2009:0295)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBSNMP15-090514.NASL
    descriptionWith this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved.
    last seen2020-06-01
    modified2020-06-02
    plugin id40047
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40047
    titleopenSUSE Security Update : libsnmp15 (libsnmp15-879)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090326_NET_SNMP_ON_SL3_X.NASL
    descriptionIt was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in
    last seen2020-06-01
    modified2020-06-02
    plugin id60556
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60556
    titleScientific Linux Security Update : net-snmp on SL3.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0295.NASL
    descriptionUpdated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in
    last seen2020-06-01
    modified2020-06-02
    plugin id36029
    published2009-03-27
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36029
    titleRHEL 3 : net-snmp (RHSA-2009:0295)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-946-1.NASL
    descriptionThe SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id65124
    published2013-03-09
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65124
    titleUbuntu 10.04 LTS : net-snmp vulnerability (USN-946-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201001-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201001-05 (net-snmp: Authorization bypass) The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules. Impact : A remote, unauthenticated attacker could bypass the ACL filtering, possibly resulting in the execution of arbitrary SNMP queries. Workaround : If possible, protect net-snmp with custom iptables rules: iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP
    last seen2020-06-01
    modified2020-06-02
    plugin id44894
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44894
    titleGLSA-201001-05 : net-snmp: Authorization bypass
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-1769.NASL
    description - Mon Feb 16 2009 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-3 - fix tcp_wrappers integration (CVE-2008-6123) - Mon Dec 1 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-2 - rebuild for fixed rpm (#473420) - Mon Nov 3 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-1 - explicitly require the right version and release of net-snmp and net-snmp-libs - update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36301
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36301
    titleFedora 10 : net-snmp-5.4.2.1-3.fc10 (2009-1769)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBSNMP15-100204.NASL
    descriptionThis update of net-snmp fixes the following bugs : - truncated walk of hrSWRunPath (bnc#565586) - crash when 64-bit counters wrap (bnc#523553) - unknown host names in snmp traps (bnc#514333) - sensitive host information disclosure (bnc#475532, CVE-2008-6123)
    last seen2020-06-01
    modified2020-06-02
    plugin id44403
    published2010-02-07
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44403
    titleopenSUSE Security Update : libsnmp15 (libsnmp15-1922)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBSNMP15-090514.NASL
    descriptionWith this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved.
    last seen2020-06-01
    modified2020-06-02
    plugin id40269
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40269
    titleopenSUSE Security Update : libsnmp15 (libsnmp15-879)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBSNMP15-6247.NASL
    descriptionWith this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved.
    last seen2020-06-01
    modified2020-06-02
    plugin id38950
    published2009-05-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38950
    titleopenSUSE 10 Security Update : libsnmp15 (libsnmp15-6247)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12441.NASL
    descriptionWith this update of net-snmp the handling of TCP wrappers rules for client authorization was improved, prior to this update it was possible for remote attackers to bypass intended access restrictions and execute SNMP queries. (CVE-2008-6123) Additionally binding to multiple interfaces was improved.
    last seen2020-06-01
    modified2020-06-02
    plugin id41306
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41306
    titleSuSE9 Security Update : net-snmp (YOU Patch Number 12441)

Oval

accepted2013-04-29T04:04:21.138-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionThe netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
familyunix
idoval:org.mitre.oval:def:10289
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
version27

Redhat

advisories
rhsa
idRHSA-2009:0295
rpms
  • net-snmp-0:5.0.9-2.30E.27
  • net-snmp-debuginfo-0:5.0.9-2.30E.27
  • net-snmp-devel-0:5.0.9-2.30E.27
  • net-snmp-libs-0:5.0.9-2.30E.27
  • net-snmp-perl-0:5.0.9-2.30E.27
  • net-snmp-utils-0:5.0.9-2.30E.27

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 33755 CVE(CAN) ID: CVE-2008-6123 Net-SNMP是一个免费的、开放源码的SNMP实现,以前称为UCD-SNMP。 在使用TCP wrapper授权客户端的时候,Net-SNMP的snmplib/snmpUDPDomain.c文件中的netsnmp_udp_fmtaddr函数没有正确地解析hosts.allow规则,这允许远程攻击者绕过预期的访问限制执行SNMP查询,获得主机相关的敏感信息。 0 Net-SNMP 5.4.2.1 厂商补丁: Net-SNMP -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: &lt;a href=http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&amp;revision=17367 target=_blank rel=external nofollow&gt;http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&amp;revision=17367&lt;/a&gt;
idSSV:4761
last seen2017-11-19
modified2009-02-13
published2009-02-13
reporterRoot
titleNet-snmp TCP Wrapper远程信息泄露漏洞

References