Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-6123

Publication date 29 April 2009

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."

Read the notes from the security team

Status

Package Ubuntu Release Status
net-snmp 10.04 LTS lucid
Fixed 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
6.06 LTS dapper
Not affected

Notes

jdstrand

Gentoo reproducer does not work

mdeslaur

security issue was introduced in the following commits: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=16654 so bug was introduced in 5.2.5, 5.3.2 and 5.4.2

kees

looks like now that 5.4.2 landed in lucid, it became vulnerable.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
net-snmp

References

Related Ubuntu Security Notices (USN)

    • USN-946-1
    • Net-SNMP vulnerability
    • 2 June 2010

Other references