CVE-2008-6123: Input Validation
First published: Tue Dec 09 2008(Updated: )
A possibility of sensitive host information disclosure was found in the implementation of SNMP protocol as defined in RFC 1065, RFC 1066, and RFC 1067. If the snmpd deamon was running on the host, it served the SNMP queries regardless of the fact, the IP address of the requester was not mentioned in the list of hosts allowed to issue / request SNMP MIB objects information. Remote attacker could use this flaw to gain host related sensitive information via performing a SNMP query. References: <a href="http://bugs.gentoo.org/show_bug.cgi?id=250429">http://bugs.gentoo.org/show_bug.cgi?id=250429</a> Upstream patch: <a href="http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367">http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Net-snmp Net-snmp | =5.3 | |
| Net-snmp Net-snmp | =5.0.9 | |
| Net-snmp Net-snmp | =5.2.1.2_r1 | |
| Net-snmp Net-snmp | =5.1.4 | |
| Net-snmp Net-snmp | =5.2.4 | |
| Net-snmp Net Snmp | =5.1.1 | |
| Net-snmp Net-snmp | =5.2.1 | |
| Net-snmp Net Snmp | =5.3.0.1 | |
| Net-snmp Net-snmp | =5.2 | |
| Net-snmp Net-snmp | =5.1.3 | |
| Net-snmp Net-snmp | =5.4 | |
| Net-snmp Net-snmp | =5.4.1 | |
| Net-snmp Net-snmp | =5.3.2.2 | |
| Net-snmp Net-snmp | =5.2.5 | |
| Net-snmp Net-snmp | =5.1.2 | |
| Net-snmp Net-snmp | =5.4.2 | |
| Net-snmp Net-snmp | =5.0.10 | |
| Net-snmp Net Snmp | =5.1 | |
| Net-snmp Net Snmp | =5.4 | |
| Net-snmp Net-snmp | >=5.0.9<=5.4.2.1 | |
| openSUSE openSUSE | =10.3-11.1 | |
| openSUSE openSUSE | =11.2 | |
| SUSE Linux Enterprise | =9-11 | |
| Redhat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/show_bug.cgi?id=250429
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
- http://secunia.com/advisories/34499
- http://secunia.com/advisories/35416
- http://secunia.com/advisories/35685
- http://www.openwall.com/lists/oss-security/2009/02/12/2
- http://www.openwall.com/lists/oss-security/2009/02/12/4
- http://www.openwall.com/lists/oss-security/2009/02/12/7
- http://www.redhat.com/support/errata/RHSA-2009-0295.html
- http://www.securitytracker.com/id?1021921
- https://bugzilla.redhat.com/show_bug.cgi?id=485211
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289
- https://access.redhat.com/security/cve/CVE-2008-6123
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
- https://rhn.redhat.com/errata/RHSA-2009-0295.html
- https://www.cve.org/CVERecord?id=CVE-2008-6123 https://nvd.nist.gov/vuln/detail/CVE-2008-6123
- https://access.redhat.com/errata/RHSA-2009:0295
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-6123.json
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-6123
- collector/redhat-cve
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/net-snmp
- canonical/net-snmp net-snmp
- version/net-snmp net-snmp/5.3
- version/net-snmp net-snmp/5.0.9
- version/net-snmp net-snmp/5.2.1.2_r1
- version/net-snmp net-snmp/5.1.4
- version/net-snmp net-snmp/5.2.4
- canonical/net-snmp net snmp
- version/net-snmp net snmp/5.1.1
- version/net-snmp net-snmp/5.2.1
- version/net-snmp net snmp/5.3.0.1
- version/net-snmp net-snmp/5.2
- version/net-snmp net-snmp/5.1.3
- version/net-snmp net-snmp/5.4
- version/net-snmp net-snmp/5.4.1
- version/net-snmp net-snmp/5.3.2.2
- version/net-snmp net-snmp/5.2.5
- version/net-snmp net-snmp/5.1.2
- version/net-snmp net-snmp/5.4.2
- version/net-snmp net-snmp/5.0.10
- version/net-snmp net snmp/5.1
- version/net-snmp net snmp/5.4
- version/net-snmp net-snmp/5.4.2.1
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/10.3-11.1
- version/opensuse opensuse/11.2
- vendor/suse
- canonical/suse linux enterprise
- version/suse linux enterprise/9-11
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/3.0