Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon,  9 Nov 2015 21:55:46 -0500 (EST)
From: cve-assign@...re.org
To: pierre.kim.sec@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: net-snmp OpenBSD package - insecure file permission vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> By default the permissions of the snmpd configuration file are 0644
> instead of 0600:

>   -rw-r--r--  1 root  wheel  6993 Nov  4 09:16 /etc/snmp/snmpd.conf

> The snmpd configuration file is readable by a local user and contains
> the credentials
> for read-only and read-write access (for SNMPv1, SNMPv2 and SNMPv3
> protocols) and gives a local user unnecessary/dangerous access

Use CVE-2015-8100.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWQVxaAAoJEL54rhJi8gl5W/UP/03ySa/FVL8bh6bVyv/a9b6n
fUiKD8LnPJBFf/3mnocDkvXO+PaUhTTXi4Us8Ym19gvOiE8xu6DkAczBU9jtSAeZ
qKDtAxa+hqsiKhWqHFILt+wGzsBUTDRR0GaRRGXfWRLIZXje9UUtllg7Vy2WIWO0
coxO9m7nHwmNHo748uLCFW2v1n/EuHmXhW7rz4QJHWIWOm6JXdGjMG8RqeTJLOLz
qoMWbnWQaW6xgDSrDEeM4ENlZ8gSSSQrBDhq5lEtW1oHu2K/fa5DwUVWIgLRJFQA
clDIGEZww3u0o1PmdfvCaCrmAtEQ6yClu8rmsXF6P8kJO7WaGb7yiN32unBaiVUv
Qh3BDOjizs8c+tLKVvmTZxgy2BiVgzy1/c66q2lqkmNITgVpV08xz3wfMayuyliy
v5GIO2QjV2aVoPeneROGh2G8CPT/BffO9UJX2x5ECVEWh9JclQsj1iO44+6tPzQG
dqLWCY5ILUp58SmD6Ks0ltb5gLBGcDGsRz982VQ6isw9PeesSjjUM7pcUVOOo354
kZ+fenAsvOH0HLA1qrbTJFZ/evmr4OnzX/5z3ucYkTo9Ce7ze22YoLZGLhgANs+N
zy4Nu58WYJDvWO3x+MwXxX4GXXYxkLvIZCBoJADqakBV6dTjPhDLnvII1Y3ZBf3Q
Fgjnyyvn2oVm29xOZr/o
=j4TX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ