Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon,  9 Nov 2015 21:55:46 -0500 (EST)
From: cve-assign@...re.org
To: pierre.kim.sec@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: net-snmp OpenBSD package - insecure file permission vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> By default the permissions of the snmpd configuration file are 0644
> instead of 0600:

>   -rw-r--r--  1 root  wheel  6993 Nov  4 09:16 /etc/snmp/snmpd.conf

> The snmpd configuration file is readable by a local user and contains
> the credentials
> for read-only and read-write access (for SNMPv1, SNMPv2 and SNMPv3
> protocols) and gives a local user unnecessary/dangerous access

Use CVE-2015-8100.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWQVxaAAoJEL54rhJi8gl5W/UP/03ySa/FVL8bh6bVyv/a9b6n
fUiKD8LnPJBFf/3mnocDkvXO+PaUhTTXi4Us8Ym19gvOiE8xu6DkAczBU9jtSAeZ
qKDtAxa+hqsiKhWqHFILt+wGzsBUTDRR0GaRRGXfWRLIZXje9UUtllg7Vy2WIWO0
coxO9m7nHwmNHo748uLCFW2v1n/EuHmXhW7rz4QJHWIWOm6JXdGjMG8RqeTJLOLz
qoMWbnWQaW6xgDSrDEeM4ENlZ8gSSSQrBDhq5lEtW1oHu2K/fa5DwUVWIgLRJFQA
clDIGEZww3u0o1PmdfvCaCrmAtEQ6yClu8rmsXF6P8kJO7WaGb7yiN32unBaiVUv
Qh3BDOjizs8c+tLKVvmTZxgy2BiVgzy1/c66q2lqkmNITgVpV08xz3wfMayuyliy
v5GIO2QjV2aVoPeneROGh2G8CPT/BffO9UJX2x5ECVEWh9JclQsj1iO44+6tPzQG
dqLWCY5ILUp58SmD6Ks0ltb5gLBGcDGsRz982VQ6isw9PeesSjjUM7pcUVOOo354
kZ+fenAsvOH0HLA1qrbTJFZ/evmr4OnzX/5z3ucYkTo9Ce7ze22YoLZGLhgANs+N
zy4Nu58WYJDvWO3x+MwXxX4GXXYxkLvIZCBoJADqakBV6dTjPhDLnvII1Y3ZBf3Q
Fgjnyyvn2oVm29xOZr/o
=j4TX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.