net-snmp: Authorization bypass — GLSA 201001-05

A remote attacker can bypass the tcp-wrappers client authorization in net-snmp.

Affected Packages

net-analyzer/net-snmp on all architectures
Affected versions < 5.4.2.1-r1
Unaffected versions >= 5.4.2.1-r1

Background

net-snmp bundles software for generating and retrieving SNMP data.

Description

The netsnmp_udp_fmtaddr() function (snmplib/snmpUDPDomain.c), when using TCP wrappers for client authorization, does not properly parse hosts.allow rules.

Impact

A remote, unauthenticated attacker could bypass the ACL filtering, possibly resulting in the execution of arbitrary SNMP queries.

Workaround

If possible, protect net-snmp with custom iptables rules:

iptables -s [client] -d [host] -p udp --dport 161 -j ACCEPT iptables -s 0.0.0.0/0 -d [host] -p udp --dport 161 -j DROP

Resolution

All net-snmp users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1-r1"

References

Release Date
January 13, 2010

Latest Revision
January 13, 2010: 01

Severity
normal

Exploitable
remote

Bugzilla entries