Bug 1174821 - (CVE-2020-15861) VUL-0: CVE-2020-15861: net-snmp: privilege escalation to root when snmp-mibs-downloader is used
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Major
Assigned To: Alexander Bergmann
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/264628/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-15861:7.1:(AV:...

Reported: 2020-08-03 09:17 UTC by Alexandros Toptsoglou
Modified: 2020-09-02 10:24 UTC
CC: 3 users
Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Alexandros Toptsoglou 2020-08-03 09:17:16 UTC
CVE-2020-15861

In combination with the *snmp-mibs-downloader package* this protection can be bypassed and it is possible for this account to elevate permissions to the root user.

Upstream Issue:

https://github.com/net-snmp/net-snmp/issues/145

Upstream Commit:

https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1862469
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15861
https://access.redhat.com/security/cve/CVE-2020-15861
Comment 2 Alexander Bergmann 2020-09-02 10:24:30 UTC
Info:

The snmpd under SLE is running as the root user. As the daemon is already running as root, elevating permissions to the root user is not possible. Therefore we are not affected.

Furthermore, the *snmp-mibs-downloader package* is not available via the SLE repositories and must be installed manually by the administrator.
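The "not affected" reasoning in comment 2 rests on two observable conditions: the user snmpd runs as, and whether snmp-mibs-downloader is present. As an added example (not code from this bug report, from net-snmp or from SUSE), the script below turns those two conditions into a check. The functions take their input as text so they can be exercised on the constructed samples embedded in the script; on a live host the same text would come from `ps -eo user=,args=` and `rpm -qa` (assumed available), and the package is recognised by the name prefix `snmp-mibs-downloader`, which is an assumption about how a manual install would be named. The check says nothing about the net-snmp patch level; it only encodes the two conditions the comment gives.

```shell
#!/bin/sh
# Added example for bug 1174821 / CVE-2020-15861; not part of the bug report.
# Encodes the two conditions from comment 2: does snmpd run as root, and is
# snmp-mibs-downloader installed? Input is passed as text so the functions
# can be run against the constructed samples below or against live output.

# Print the user snmpd runs as, given "USER ARGS" lines as produced by
# `ps -eo user=,args=`. Prints nothing if no snmpd process is listed.
snmpd_user() {
  printf '%s\n' "$1" | awk '$2 ~ /(^|\/)snmpd$/ { print $1; exit }'
}

# Print "yes" if a package whose name starts with snmp-mibs-downloader appears
# in the list (one entry per line, e.g. `rpm -qa` or `dpkg-query -W` output),
# otherwise "no". The name prefix is an assumption about a manual install.
mibs_downloader_installed() {
  if printf '%s\n' "$1" | grep -q '^snmp-mibs-downloader'; then
    echo yes
  else
    echo no
  fi
}

# Verdict following comment 2: a root snmpd cannot escalate further; without
# snmp-mibs-downloader the bypass described in the CVE is not reachable.
cve_2020_15861_verdict() {
  verdict_ps=$1
  verdict_pkgs=$2
  verdict_user=$(snmpd_user "$verdict_ps")
  if [ -z "$verdict_user" ]; then
    echo "not-running"
    return
  fi
  if [ "$verdict_user" = root ]; then
    echo "not-affected: snmpd already runs as root"
    return
  fi
  if [ "$(mibs_downloader_installed "$verdict_pkgs")" = no ]; then
    echo "not-affected: snmp-mibs-downloader not installed"
    return
  fi
  echo "review: unprivileged snmpd with snmp-mibs-downloader present"
}

# Constructed samples (not captured from a real host).
# A SLE-style host: snmpd as root, no downloader package.
SLE_PS='root /usr/sbin/snmpd -f -Lsd
root /usr/lib/systemd/systemd-journald'
SLE_PKGS='net-snmp-5.7.3-1.1.x86_64
snmp-mibs-5.7.3-1.1.noarch'
# A host where snmpd has dropped to an unprivileged user and the downloader
# package is installed.
DEB_PS='Debian-snmp /usr/sbin/snmpd -LOw -u Debian-snmp -g Debian-snmp -f
root /lib/systemd/systemd'
DEB_PKGS='snmpd
snmp-mibs-downloader'

if [ "${1:-}" = "--live" ]; then
  # Live mode: evaluate this host (assumes procps `ps` and `rpm` are present).
  cve_2020_15861_verdict "$(ps -eo user=,args=)" "$(rpm -qa)"
else
  cve_2020_15861_verdict "$SLE_PS" "$SLE_PKGS"
  cve_2020_15861_verdict "$DEB_PS" "$DEB_PKGS"
fi
```

Run it without arguments to see the verdicts for the two constructed hosts, or with `--live` to evaluate the current machine. Because `ps` reports the effective user, an snmpd started with `-u` shows up under the dropped-to user, which is exactly the case comment 2 contrasts with the SLE default.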