Bug 1862469 (CVE-2020-15861)

Summary: CVE-2020-15861 net-snmp: combination with can lead to elevated permissions to root
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jridky, jsafrane, mhjacks, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-04 01:27:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1862470    
Bug Blocks: 1862471    

Description Marian Rehak 2020-07-31 13:53:03 UTC
In combination with the *snmp-mibs-downloader package* this protection can be bypassed and it is possible for this account to elevate permissions to the root user.

Upstream Issue:


Upstream Commit:


Comment 1 Marian Rehak 2020-07-31 13:53:25 UTC
Created net-snmp tracking bugs for this issue:

Affects: fedora-all [bug 1862470]

Comment 3 Todd Cullum 2020-08-03 23:32:25 UTC

This flaw does not affect net-snmp as shipped with Red Hat Enterprise Linux 5, 6, 7, or 8. There is no snmp-mibs-downloader package in the repositories and, the net-snmp install process does NOT create a separate low-privilege user account to run snmpd nor does it define in /usr/lib/systemd/system/snmpd.service an ExecStart with a -u or -g option for any other users or groups by default. As there is no low-privileged user created to escalate to root, it's notaffected.

Comment 4 Product Security DevOps Team 2020-08-04 01:27:42 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):