Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Net-snmp | Net-snmp | * | 5.8.1 (excluding) |
Red Hat Enterprise Linux 6 | RedHat | net-snmp-1:5.5-60.el6_10.2 | * |
Red Hat Enterprise Linux 7 | RedHat | net-snmp-1:5.7.2-49.el7_9.1 | * |
Red Hat Enterprise Linux 7.4 Advanced Update Support | RedHat | net-snmp-1:5.7.2-28.el7_4.4 | * |
Red Hat Enterprise Linux 7.4 Telco Extended Update Support | RedHat | net-snmp-1:5.7.2-28.el7_4.4 | * |
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | RedHat | net-snmp-1:5.7.2-28.el7_4.4 | * |
Red Hat Enterprise Linux 7.6 Extended Update Support | RedHat | net-snmp-1:5.7.2-38.el7_6.3 | * |
Red Hat Enterprise Linux 7.7 Extended Update Support | RedHat | net-snmp-1:5.7.2-43.el7_7.7 | * |
Red Hat Enterprise Linux 8 | RedHat | net-snmp-1:5.8-18.el8_3.1 | * |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | RedHat | net-snmp-1:5.8-7.el8_0.4 | * |
Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | net-snmp-1:5.8-12.el8_1.3 | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | net-snmp-1:5.8-14.el8_2.3 | * |
Net-snmp | Ubuntu | bionic | * |
Net-snmp | Ubuntu | devel | * |
Net-snmp | Ubuntu | focal | * |
Net-snmp | Ubuntu | trusty | * |
Net-snmp | Ubuntu | trusty/esm | * |
Net-snmp | Ubuntu | upstream | * |
Net-snmp | Ubuntu | xenial | * |