Bug 1873038 (CVE-2020-15862) - CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution
Summary: CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15862
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1875496 1875497 1875625 1875626 1875627 1875960 1886100 1916697 1916698 1916699
Blocks: 1873039
TreeView+ depends on / blocked
 
Reported: 2020-08-27 08:29 UTC by Marian Rehak
Modified: 2024-03-25 16:22 UTC (History)
7 users (show)

Fixed In Version: net-snmp 5.8.1pre1
Clone Of:
Environment:
Last Closed: 2020-11-17 23:28:32 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:0042 0 None None None 2021-01-06 17:59:32 UTC
Red Hat Product Errata RHSA-2020:5129 0 None None None 2020-11-17 15:20:17 UTC
Red Hat Product Errata RHSA-2020:5201 0 None None None 2020-11-24 10:05:12 UTC
Red Hat Product Errata RHSA-2020:5350 0 None None None 2020-12-07 11:44:58 UTC
Red Hat Product Errata RHSA-2020:5372 0 None None None 2020-12-08 10:35:43 UTC
Red Hat Product Errata RHSA-2020:5420 0 None None None 2020-12-15 08:58:27 UTC
Red Hat Product Errata RHSA-2020:5480 0 None None None 2020-12-15 16:41:48 UTC
Red Hat Product Errata RHSA-2021:0257 0 None None None 2021-01-26 10:48:50 UTC
Red Hat Product Errata RHSA-2021:0358 0 None None None 2021-02-02 11:34:32 UTC
Red Hat Product Errata RHSA-2021:0525 0 None None None 2021-02-16 08:34:31 UTC

Description Marian Rehak 2020-08-27 08:29:38 UTC 
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Upstream commit:

https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

Reference:https://security.gentoo.org/glsa/202008-12
Comment 1 Todd Cullum 2020-08-31 22:17:04 UTC 
Flaw summary:

The NET-SNMP-EXTEND-MIB is supported by default and used to extend the SNMP Agent with shell scripts. It allows non-root users with SNMP WRITE access to potentially execute arbitrary commands as root. This does not occur if the read-only build option was enabled (NETSNMP_NO_WRITE_SUPPORT). An attacker could exploit this flaw by placing an `extend` directive in a config file which specifies the location of a malicious shell script.
Comment 9 errata-xmlrpc 2020-11-17 15:20:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:5129 https://access.redhat.com/errata/RHSA-2020:5129
Comment 10 Product Security DevOps Team 2020-11-17 23:28:32 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15862
Comment 13 errata-xmlrpc 2020-11-24 10:05:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5201 https://access.redhat.com/errata/RHSA-2020:5201
Comment 14 errata-xmlrpc 2020-12-07 11:44:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5350 https://access.redhat.com/errata/RHSA-2020:5350
Comment 15 errata-xmlrpc 2020-12-08 10:36:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5372 https://access.redhat.com/errata/RHSA-2020:5372
Comment 16 errata-xmlrpc 2020-12-15 08:58:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5420 https://access.redhat.com/errata/RHSA-2020:5420
Comment 17 errata-xmlrpc 2020-12-15 16:41:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5480 https://access.redhat.com/errata/RHSA-2020:5480
Comment 19 errata-xmlrpc 2021-01-26 10:48:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:0257 https://access.redhat.com/errata/RHSA-2021:0257
Comment 20 errata-xmlrpc 2021-02-02 11:34:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0358 https://access.redhat.com/errata/RHSA-2021:0358
Comment 21 errata-xmlrpc 2021-02-16 08:34:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0525 https://access.redhat.com/errata/RHSA-2021:0525
Note You need to log in before you can comment on or make changes to this bug.