net-snmp na OpenBSD Permission snmpd.conf Credentials information disclosure

wpiseditHistoryDiffjsonxmlCTI

Podatność została odkryta w net-snmp na OpenBSD (Network Management Software). Podatnością dotknięta jest nieznana funkcja w pliku snmpd.conf w komponencie Permission.

Pole2015-11-10 09:562018-03-09 10:30
namenet-snmpnet-snmp
platformOpenBSDOpenBSD
componentPermissionPermission
filesnmpd.confsnmpd.conf
risk11
historic00
cvss2_vuldb_basescore1.71.7
cvss2_vuldb_tempscore1.31.3
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss3_meta_basescore3.33.3
cvss3_meta_tempscore2.92.9
cvss3_vuldb_basescore3.33.3
cvss3_vuldb_tempscore2.92.9
titlewordCredentialsCredentials
date1447113600 (2015-11-10)1447113600 (2015-11-10)
locationoss-secoss-sec
urlhttp://www.openwall.com/lists/oss-security/2015/11/09/6http://www.openwall.com/lists/oss-security/2015/11/09/6
price_0day$5k-$25k$5k-$25k
cveCVE-2015-8100CVE-2015-8100
xforce107941107941
cvss2_vuldb_eUU
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eUU
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
typeNetwork Management Software
cwe0200 (ujawnienie informacji)
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cve_assigned1447027200
cve_nvd_published1447027200
cve_nvd_summaryThe net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
xforce_titleOpenBSD net-snmp information disclosure
xforce_identifieropenbsd-cve20158100-info-disc

Do you need the next level of professionalism?

Upgrade your account now!