CVE-2008-6123

NameCVE-2008-6123
DescriptionThe netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs516801

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
net-snmp (PTS)jessie, jessie (lts)5.7.2.1+dfsg-1+deb8u6fixed
stretch (security)5.7.3+dfsg-1.7+deb9u3fixed
stretch (lts), stretch5.7.3+dfsg-1.7+deb9u5fixed
buster (security), buster, buster (lts)5.7.3+dfsg-5+deb10u4fixed
bullseye (security), bullseye5.9+dfsg-4+deb11u1fixed
bookworm5.9.3+dfsg-2fixed
sid, trixie5.9.4+dfsg-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
net-snmpsource(unstable)5.4.3~dfsg-1low516801

Notes

[etch] - net-snmp <no-dsa> (Minor issue)
[lenny] - net-snmp <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems