net-snmp: Authorization bypass
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 201001-05 / net-snmp |
| Release Date |
January 13, 2010 |
| Latest Revision |
January 13, 2010: 01 |
| Impact |
normal |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| net-analyzer/net-snmp |
<
5.4.2.1-r1 |
>=
5.4.2.1-r1 |
All supported architectures
|
Related bugreports:
#250429
Synopsis
A remote attacker can bypass the tcp-wrappers client authorization in
net-snmp.
2.
Impact Information
Background
net-snmp bundles software for generating and retrieving SNMP data.
Description
The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when
using TCP wrappers for client authorization, does not properly parse
hosts.allow rules.
Impact
A remote, unauthenticated attacker could bypass the ACL filtering,
possibly resulting in the execution of arbitrary SNMP queries.
3.
Resolution Information
Workaround
If possible, protect net-snmp with custom iptables rules:
Code Listing 3.1: Workaround |
iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT
iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP
|
Resolution
All net-snmp users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1-r1"
|
4.
References
|
