Launchpad.net

CVE 2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Related bugs and status

CVE-2008-6123 (Candidate) is related to these bugs:

Bug #331410: CVE-2008-6123: not fixed in latest security releases

		In	Importance	Status
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu)	Medium	Fix Released
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Fedora)	Medium	Fix Released
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Gentoo Linux)	Low	Fix Released
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Dapper)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Gutsy)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Hardy)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Intrepid)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Jaunty)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Karmic)	Undecided	Invalid
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Lucid)	Medium	Fix Released
331410	CVE-2008-6123: not fixed in latest security releases	net-snmp (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-6123

Related bugs and status

Related bugs

References