Bug 1873038 (CVE-2020-15862) - CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution
Summary: CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15862
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1875496 1875497 1875625 1875626 1875627 1875960 1886100 1916697 1916698 1916699
Blocks: 1873039
TreeView+ depends on / blocked
 
Reported: 2020-08-27 08:29 UTC by Marian Rehak
Modified: 2021-02-16 08:34 UTC (History)
7 users (show)

Fixed In Version: net-snmp 5.8.1pre1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-11-17 23:28:32 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:0042 0 None None None 2021-01-06 17:59:32 UTC
Red Hat Product Errata RHSA-2020:5129 0 None None None 2020-11-17 15:20:17 UTC
Red Hat Product Errata RHSA-2020:5201 0 None None None 2020-11-24 10:05:12 UTC
Red Hat Product Errata RHSA-2020:5350 0 None None None 2020-12-07 11:44:58 UTC
Red Hat Product Errata RHSA-2020:5372 0 None None None 2020-12-08 10:35:43 UTC
Red Hat Product Errata RHSA-2020:5420 0 None None None 2020-12-15 08:58:27 UTC
Red Hat Product Errata RHSA-2020:5480 0 None None None 2020-12-15 16:41:48 UTC
Red Hat Product Errata RHSA-2021:0257 0 None None None 2021-01-26 10:48:50 UTC
Red Hat Product Errata RHSA-2021:0358 0 None None None 2021-02-02 11:34:32 UTC
Red Hat Product Errata RHSA-2021:0525 0 None None None 2021-02-16 08:34:31 UTC

Description Marian Rehak 2020-08-27 08:29:38 UTC
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Upstream commit:

https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

Reference:https://security.gentoo.org/glsa/202008-12

Comment 1 Todd Cullum 2020-08-31 22:17:04 UTC
Flaw summary:

The NET-SNMP-EXTEND-MIB is supported by default and used to extend the SNMP Agent with shell scripts. It allows non-root users with SNMP WRITE access to potentially execute arbitrary commands as root. This does not occur if the read-only build option was enabled (NETSNMP_NO_WRITE_SUPPORT). An attacker could exploit this flaw by placing an `extend` directive in a config file which specifies the location of a malicious shell script.

Comment 9 errata-xmlrpc 2020-11-17 15:20:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:5129 https://access.redhat.com/errata/RHSA-2020:5129

Comment 10 Product Security DevOps Team 2020-11-17 23:28:32 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15862

Comment 13 errata-xmlrpc 2020-11-24 10:05:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5201 https://access.redhat.com/errata/RHSA-2020:5201

Comment 14 errata-xmlrpc 2020-12-07 11:44:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5350 https://access.redhat.com/errata/RHSA-2020:5350

Comment 15 errata-xmlrpc 2020-12-08 10:36:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5372 https://access.redhat.com/errata/RHSA-2020:5372

Comment 16 errata-xmlrpc 2020-12-15 08:58:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5420 https://access.redhat.com/errata/RHSA-2020:5420

Comment 17 errata-xmlrpc 2020-12-15 16:41:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5480 https://access.redhat.com/errata/RHSA-2020:5480

Comment 19 errata-xmlrpc 2021-01-26 10:48:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:0257 https://access.redhat.com/errata/RHSA-2021:0257

Comment 20 errata-xmlrpc 2021-02-02 11:34:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0358 https://access.redhat.com/errata/RHSA-2021:0358

Comment 21 errata-xmlrpc 2021-02-16 08:34:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0525 https://access.redhat.com/errata/RHSA-2021:0525


Note You need to log in before you can comment on or make changes to this bug.