CVE-2008-6123 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Vendor	Product	Version
net-snmp	net-snmp	5.0.9 ≤ 𝑥 ≤ 5.4.2.1
opensuse	opensuse	10.3-11.1
opensuse	opensuse	11.2
redhat	enterprise_linux	3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

net-snmp

bullseye (security)	5.9+dfsg-4+deb11u1 fixed
bullseye	5.9+dfsg-4+deb11u1 fixed
etch	no-dsa
lenny	no-dsa
bookworm	5.9.3+dfsg-2 fixed
sid	5.9.4+dfsg-1.1 fixed
trixie	5.9.4+dfsg-1.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

net-snmp

lucid	Fixed 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1 released
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	not-affected
dapper	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

http://bugs.gentoo.org/show_bug.cgi?id=250429

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

http://secunia.com/advisories/34499

http://secunia.com/advisories/35416

http://secunia.com/advisories/35685

http://www.openwall.com/lists/oss-security/2009/02/12/2

http://www.openwall.com/lists/oss-security/2009/02/12/4

http://www.openwall.com/lists/oss-security/2009/02/12/7

http://www.redhat.com/support/errata/RHSA-2009-0295.html

http://www.securitytracker.com/id?1021921

https://bugzilla.redhat.com/show_bug.cgi?id=485211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289

http://bugs.gentoo.org/show_bug.cgi?id=250429

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367

http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

http://secunia.com/advisories/34499

http://secunia.com/advisories/35416

http://secunia.com/advisories/35685

http://www.openwall.com/lists/oss-security/2009/02/12/2

http://www.openwall.com/lists/oss-security/2009/02/12/4

http://www.openwall.com/lists/oss-security/2009/02/12/7

http://www.redhat.com/support/errata/RHSA-2009-0295.html

http://www.securitytracker.com/id?1021921

https://bugzilla.redhat.com/show_bug.cgi?id=485211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289