Debian Security Advisory
DLA-2299-1 net-snmp -- LTS security update
- Date Reported:
- 30 Jul 2020
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
A privilege escalation vulnerability vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
Upstream notes that:
- It is still possible to enable this MIB via the --with-mib-modules configure option.
- Another MIB that provides similar functionality, namely ucd-snmp/extensible, is disabled by default.
- The security risk of ucd-snmp/pass and ucd-snmp/pass_persist is lower since these modules only introduce a security risk if the invoked scripts are exploitable.
For Debian 9
Stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u2.
We recommend that you upgrade your net-snmp packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS