Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
BID:21503
Info
Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
| Bugtraq ID: | 21503 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6305 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 08 2006 12:00AM |
| Updated: | Dec 08 2006 12:00AM |
| Credit: | Robert Story discovered this issue. |
| Vulnerable: |
Net-SNMP Net-SNMP 5.3 |
| Not Vulnerable: |
Net-SNMP Net-SNMP 5.3.0.1 |
Discussion
Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
The net-snmp package is prone to a security restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations and potentially execute code.
Exploiting this vulnerability allows an attacker to obtain write access to read-only users or SNMP communities.
This issue is reported to affect version 5.3; other versions may also be vulnerable.
The net-snmp package is prone to a security restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations and potentially execute code.
Exploiting this vulnerability allows an attacker to obtain write access to read-only users or SNMP communities.
This issue is reported to affect version 5.3; other versions may also be vulnerable.
Exploit / POC
Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
Solution:
The vendor has released version 5.3.0.1 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for more information.
Net-SNMP Net-SNMP 5.3
Solution:
The vendor has released version 5.3.0.1 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for more information.
Net-SNMP Net-SNMP 5.3
-
Net-SNMP net-snmp-5.3.1.tar.gz
http://downloads.sourceforge.net/net-snmp/net-snmp-5.3.1.tar.gz
References
Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability
References:
References:
- Net-SNMP Homepage (Net-SNMP)