SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Net-snmp Vendors:   net-snmp.sourceforge.net
Net-SNMP May Let Remote Authenticated Users Access Excluded Objects
SecurityTracker Alert ID:  1008117
SecurityTracker URL:  http://securitytracker.com/id/1008117
CVE Reference:   CVE-2003-0935   (Links to External Site)
Updated:  Nov 19 2003
Original Entry Date:  Nov 7 2003
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.0.9
Description:   An information disclosure vulnerability was reported in Net-SNMP. A remote authenticated user may be able to access data that they are not authorized to access.

It is reported that a remote authenticated user may be able to access to data in MIB objects that have been explicitly excluded from the user's view.

Impact:   A remote authenticated user may be able to access objects that are explicitly excluded from the user's view.
Solution:   The vendor has released a fixed version (5.0.9), available at:

http://sourceforge.net/project/showfiles.php?group_id=12694

Vendor URL:  sourceforge.net/forum/forum.php?forum_id=308015 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 7 2003 (Conectiva Issues Fix) Net-SNMP May Let Remote Authenticated Users Access Excluded Objects
Conectiva has released a fix.
Dec 2 2003 (Red Hat Issues Fix for RH Linux) Net-SNMP May Let Remote Authenticated Users Access Excluded Objects
Red Hat has issued a fix for Red Hat Linux 8.0 and 9.
Dec 12 2003 (Mandrake Issues Fix) Net-SNMP May Let Remote Authenticated Users Access Excluded Objects
Mandrake has released a fix.
Jan 16 2004 (Red Hat Issues Fix for RH Enterprise Linux) Net-SNMP May Let Remote Authenticated Users Access Excluded Objects
Red Hat has released a fix for Red Hat Enterprise Linux 3.



 Source Message Contents

Subject:  sourceforge.net/forum/forum.php?forum_id=308015


sourceforge.net/forum/forum.php?forum_id=308015

 > Date: 2003-09-06 15:37
 > Summary: Net-SNMP 5.0.9 released. Security fix!

 > *5.0.9*
 >
 > SECURITY:
 > - An existing user/community could get access to data in MIB
 > objects that were explicitly excluded from their view.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC