Internet threat level: 1
Home→Descriptions→SA33884
Net-snmp TCP Wrapper Information Disclosure Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
12 Feb 2009 |
| Last Change |
19 Feb 2009 |
| Criticality | |
| Solution Status |
Vendor Workaround |
| Software |
Net-snmp 5.x |
| Where | |
| Impact |
Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. Exposure of system informationVulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) are exposed and can be revealed from remote and in some cases locally. |
| Description |
A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an error when restricting access to the service via TCP wrappers. This can be exploited to disclose potentially sensitive information via SNMP requests, regardless of access restrictions in "hosts.allow" and "hosts.deny". The vulnerability is reported in version 5.4.2.1. Other versions may also be affected. |
| Solution |
Fixed in the SVN repository in revision 17367. |
| Reported by |
Reported by Marcel Meckel via a Gentoo bug report. |
| Original Advisory |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.