The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Debian, RHEL: privilege escalation via NET-SNMP-EXTEND-MIB

Synthesis of the vulnerability 

An attacker can bypass restrictions via NET-SNMP-EXTEND-MIB of Debian/RHEL, in order to escalate his privileges.
Vulnerable products: Debian, RHEL, Ubuntu.
Severity of this weakness: 2/4.
Creation date: 30/07/2020.
References of this bulletin: 965166, CVE-2020-15862, DLA-2299-1, DSA-4746-1, RHSA-2020:5129-01, RHSA-2020:5201-01, RHSA-2020:5350-01, RHSA-2020:5372-01, RHSA-2020:5420-01, RHSA-2020:5480-01, RHSA-2021:0257-01, RHSA-2021:0358-01, RHSA-2021:0525-01, USN-4471-1, USN-4471-2, VIGILANCE-VUL-32976.

Description of the vulnerability 

An attacker can bypass restrictions via NET-SNMP-EXTEND-MIB of Debian/RHEL, in order to escalate his privileges.

This cybersecurity vulnerability impacts software or systems such as Debian, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is "confirmed by the editor", and the attack origin is a user shell.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian 10: new net-snmp packages.
New packages are available:
  Debian 10: net-snmp 5.7.3+dfsg-5+deb10u1

Debian 9: new net-snmp packages.
New packages are available:
  Debian 9: net-snmp 5.7.3+dfsg-1.7+deb9u2

RHEL 6.10: new net-snmp packages.
New packages are available:
  RHEL 6.10: net-snmp 5.5-60.el6_10.2

RHEL 7.4: new net-snmp packages.
New packages are available:
  RHEL 7.4: net-snmp 5.7.2-28.el7_4.4

RHEL 7.6: new net-snmp packages.
New packages are available:
  RHEL 7.6: net-snmp 5.7.2-38.el7_6.3

RHEL 7.7: new net-snmp packages.
New packages are available:
  RHEL 7.7: net-snmp 5.7.2-43.el7_7.7

RHEL 7.9: new net-snmp packages.
New packages are available:
  RHEL 7.9: net-snmp 5.7.2-49.el7_9.1

RHEL 8.0: new net-snmp packages.
New packages are available:
  RHEL 8.0: net-snmp 5.8-7.el8_0.4

RHEL 8.1: new net-snmp packages.
New packages are available:
  RHEL 8.1: net-snmp 5.8-12.el8_1.3

RHEL 8.2: new net-snmp packages.
New packages are available:
  RHEL 8.2: net-snmp 5.8-14.el8_2.3

RHEL 8.3: new net-snmp packages.
New packages are available:
  RHEL 8.3: net-snmp 5.8-18.el8_3.1

Ubuntu: new snmpd packages.
New packages are available:
  Ubuntu 20.04 LTS: libsnmp 5.8+dfsg-2ubuntu2.3, snmpd 5.8+dfsg-2ubuntu2.3
  Ubuntu 18.04 LTS: libsnmp 5.7.3+dfsg-1.8ubuntu3.6, snmpd 5.7.3+dfsg-1.8ubuntu3.6
  Ubuntu 16.04 LTS: libsnmp 5.7.3+dfsg-1ubuntu4.6, snmpd 5.7.3+dfsg-1ubuntu4.6
  Ubuntu 14.04 ESM: libsnmp 5.7.2~dfsg-8.1ubuntu3.3+esm2, snmpd 5.7.2~dfsg-8.1ubuntu3.3+esm2
  Ubuntu 12.04 ESM: libsnmp 5.4.3~dfsg-2.4ubuntu1.5, snmpd 5.4.3~dfsg-2.4ubuntu1.5

Wind River Linux: version 10.19.45.12.
The version 10.19.45.12 is fixed:
  https://support2.windriver.com/index.php?page=cve&on=list&show=50&product_id=1&product_version%5B0%5D=24&id_status%5B0%5D=4&cve_id_filter=&s=&submit=&order_by=cve_modified_date&order_way=desc#list