[Pkg-net-snmp-devel] potential security issue
Steffen Joeris
steffen.joeris at skolelinux.de
Sun Feb 22 10:27:20 UTC 2009
On Sun, 22 Feb 2009 09:26:26 pm Steffen Joeris wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for net-snmp.
>
> CVE-2008-6123[0]:
> | The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
> | 5.0.9 through 5.4.2, when using TCP wrappers for client authorization,
> | does not properly parse hosts.allow rules, which allows remote
> | attackers to bypass intended access restrictions and execute SNMP
> | queries, related to "source/destination IP address confusion."
>
> Could you please check, if this affects the debian net-snmp versions and
> get back to me?
>
> Cheers
> Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
http://security-tracker.debian.net/tracker/CVE-2008-6123
More information about the Pkg-net-snmp-devel
mailing list