Bug 1873038 (CVE-2020-15862)
| Summary: | CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | jridky, jsafrane, mhjacks, tcullum, tvainio, yozone, zdohnal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | net-snmp 5.8.1pre1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-17 23:28:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1875496, 1875497, 1875625, 1875626, 1875627, 1875960, 1886100, 1916697, 1916698, 1916699 | ||
| Bug Blocks: | 1873039 | ||
|
Description
Marian Rehak
2020-08-27 08:29:38 UTC
Flaw summary: The NET-SNMP-EXTEND-MIB is supported by default and used to extend the SNMP Agent with shell scripts. It allows non-root users with SNMP WRITE access to potentially execute arbitrary commands as root. This does not occur if the read-only build option was enabled (NETSNMP_NO_WRITE_SUPPORT). An attacker could exploit this flaw by placing an `extend` directive in a config file which specifies the location of a malicious shell script. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:5129 https://access.redhat.com/errata/RHSA-2020:5129 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15862 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5201 https://access.redhat.com/errata/RHSA-2020:5201 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5350 https://access.redhat.com/errata/RHSA-2020:5350 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5372 https://access.redhat.com/errata/RHSA-2020:5372 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5420 https://access.redhat.com/errata/RHSA-2020:5420 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5480 https://access.redhat.com/errata/RHSA-2020:5480 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0257 https://access.redhat.com/errata/RHSA-2021:0257 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0358 https://access.redhat.com/errata/RHSA-2021:0358 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:0525 https://access.redhat.com/errata/RHSA-2021:0525 |