- Vulnerability/
- RHSA-2009:0295
RHSA-2009:0295: Moderate: net-snmp security update
First published: Thu Mar 26 2009(Updated: )
The Simple Network Management Protocol (SNMP) is a protocol used for<br>network management.<br>It was discovered that the snmpd daemon did not use TCP wrappers correctly,<br>causing network hosts access restrictions defined in "/etc/hosts.allow" and<br>"/etc/hosts.deny" to not be honored. A remote attacker could use this flaw<br>to bypass intended access restrictions. (CVE-2008-6123)<br>This issue only affected configurations where hosts.allow and hosts.deny<br>were used to limit access to the SNMP server. To obtain information from<br>the server, the attacker would have to successfully authenticate, usually<br>by providing a correct community string.<br>All net-snmp users should upgrade to these updated packages, which contain<br>a backported patch to correct this issue. After installing the update, the<br>snmpd and snmptrapd daemons will be restarted automatically.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2009:0295