Executive Summary
Summary | |
---|---|
Title | net-snmp security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:0295 | First vendor Publication | 2009-03-26 |
Vendor | RedHat | Last vendor Modification | 2009-03-26 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in "/etc/hosts.allow" and "/etc/hosts.deny" to not be honored. A remote attacker could use this flaw to bypass intended access restrictions. (CVE-2008-6123) This issue only affected configurations where hosts.allow and hosts.deny were used to limit access to the SNMP server. To obtain information from the server, the attacker would have to successfully authenticate, usually by providing a correct community string. All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 485211 - CVE-2008-6123 net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny} |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0295.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-51 | Poison Web Service Registry |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-87 | Forceful Browsing |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10289 | |||
Oval ID: | oval:org.mitre.oval:def:10289 | ||
Title: | The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | ||
Description: | The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-6123 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12964 | |||
Oval ID: | oval:org.mitre.oval:def:12964 | ||
Title: | USN-946-1 -- net-snmp vulnerability | ||
Description: | The SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-946-1 CVE-2008-6123 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | net-snmp |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for net-snmp CESA-2009:0295 centos3 i386 File : nvt/gb_CESA-2009_0295_net-snmp_centos3_i386.nasl |
2010-06-07 | Name : Ubuntu Update for net-snmp vulnerability USN-946-1 File : nvt/gb_ubuntu_USN_946_1.nasl |
2010-01-20 | Name : Gentoo Security Advisory GLSA 201001-05 (net-snmp) File : nvt/glsa_201001_05.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp0.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5052020.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0295 File : nvt/RHSA_2009_0295.nasl |
2009-03-31 | Name : CentOS Security Advisory CESA-2009:0295 (net-snmp) File : nvt/ovcesa2009_0295.nasl |
2009-03-02 | Name : Mandrake Security Advisory MDVSA-2009:056 (net-snmp) File : nvt/mdksa_2009_056.nasl |
2009-02-18 | Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp) File : nvt/fcore_2009_1769.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51895 | Net-SNMP TCP Wrapper SNMP Request Handling Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0295.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-946-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-05.nasl - Type : ACT_GATHER_INFO |
2010-02-07 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libsnmp15-100204.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12441.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-6248.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-090514.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libsnmp15-090514.nasl - Type : ACT_GATHER_INFO |
2009-05-29 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-6247.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-056.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0295.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0295.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:16 |
|