Page 2 of 18 results (0.008 seconds)

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 https://bugzilla.redhat.com/show_bug.cgi?id=2105238 https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7 https://security.gentoo.org/glsa/202210-29 https://www. • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. • https://bugzilla.redhat.com/show_bug.cgi?id=2103225 https://bugzilla.redhat.com/show_bug.cgi?id=2105242 https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7 https://security.gentoo.org/glsa/202210-29 https://www.debian.org/security/2022/dsa-5209 https://access.redhat.com/security/cve&#x • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Net-SNMP versiones hasta 5.7.3, permite una Escalada de Privilegios debido al seguimiento de un enlace simbólico (symlink) de UNIX. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 https://github.com/net-snmp/net-snmp/issues/145 https://security.gentoo.org/glsa/202008-12 https://security.netapp.com/advisory/ntap-20200904-0001 https://usn.ubuntu.com/4471-1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Net-SNMP versiones hasta 5.7.3, presenta una Administración de Privilegios Inapropiada porque el acceso de SNMP WRITE en el EXTEND MIB provee la capacidad de ejecutar comandos arbitrarios como root. A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166 https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e https://security-tracker.debian.org/tracker/CVE-2020-15862 https://security.gentoo.org/glsa/202008-12 https://security.netapp.com/advisory/ntap-20200904-0001 https://usn.ubuntu.com/4471-1 https://access.redhat.com/security/cve/CVE-2020-15862 https://bugzilla.redhat.co • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 4

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. net-snmp versiones anteriores a 5.8.1.pre1 presenta una doble liberación en la función usm_free_usmStateReference en el archivo snmplib/snmpusm.c por medio de una petición SNMPv3 GetBulk. NOTA: esto afecta a los paquetes net-snmp enviados a los usuarios finales por múltiples distribuciones de Linux, pero podría no afectar una versión anterior • http://www.openwall.com/lists/oss-security/2020/06/25/4 https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 https://bugzilla.redhat.com/show_bug.cgi?id=1663027 https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9 https://security.gentoo.org/glsa/202008-12 https://sourceforge.net/p/net-snmp/bugs/2923 https://usn.ubuntu.com/4410-1 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-415: Double Free •