Bug 1174821 (CVE-2020-15861)

Summary: VUL-0: CVE-2020-15861: net-snmp: privilege escalation to root when snmp-mibs-downloader is used
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: Incidents
Assignee: Alexander Bergmann <abergmann>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: abergmann, meissner, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/264628/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-15861:7.1:(AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexandros Toptsoglou 2020-08-03 09:17:16 UTC
CVE-2020-15861

In combination with the *snmp-mibs-downloader* package this protection can be bypassed and it is possible for this account to elevate permissions to the root user.

Upstream Issue:

https://github.com/net-snmp/net-snmp/issues/145

Upstream Commit:

https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1862469
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15861
https://access.redhat.com/security/cve/CVE-2020-15861

Comment 2 Alexander Bergmann 2020-09-02 10:24:30 UTC
Info:

The snmpd under SLE is running as the root user. As the daemon is already running as root, elevating permissions to the root user is not possible. Therefore we are not affected.

Furthermore, the *snmp-mibs-downloader* package is not available via the SLE repositories and must be installed manually by the administrator.