[Pkg-net-snmp-devel] potential security issue

Steffen Joeris steffen.joeris at skolelinux.de
Sun Feb 22 10:26:26 UTC 2009

the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.

| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
| 5.0.9 through 5.4.2, when using TCP wrappers for client authorization,
| does not properly parse hosts.allow rules, which allows remote
| attackers to bypass intended access restrictions and execute SNMP
| queries, related to "source/destination IP address confusion."

Could you please check, if this affects the debian net-snmp versions and get 
back to me?


More information about the Pkg-net-snmp-devel mailing list