Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151110025546.502E46C0115@smtpvmsrv1.mitre.org>
Date: Mon,  9 Nov 2015 21:55:46 -0500 (EST)
From: cve-assign@...re.org
To: pierre.kim.sec@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: net-snmp OpenBSD package - insecure file permission vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> By default the permissions of the snmpd configuration file are 0644
> instead of 0600:

>   -rw-r--r--  1 root  wheel  6993 Nov  4 09:16 /etc/snmp/snmpd.conf

> The snmpd configuration file is readable by a local user and contains
> the credentials
> for read-only and read-write access (for SNMPv1, SNMPv2 and SNMPv3
> protocols) and gives a local user unnecessary/dangerous access

Use CVE-2015-8100.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWQVxaAAoJEL54rhJi8gl5W/UP/03ySa/FVL8bh6bVyv/a9b6n
fUiKD8LnPJBFf/3mnocDkvXO+PaUhTTXi4Us8Ym19gvOiE8xu6DkAczBU9jtSAeZ
qKDtAxa+hqsiKhWqHFILt+wGzsBUTDRR0GaRRGXfWRLIZXje9UUtllg7Vy2WIWO0
coxO9m7nHwmNHo748uLCFW2v1n/EuHmXhW7rz4QJHWIWOm6JXdGjMG8RqeTJLOLz
qoMWbnWQaW6xgDSrDEeM4ENlZ8gSSSQrBDhq5lEtW1oHu2K/fa5DwUVWIgLRJFQA
clDIGEZww3u0o1PmdfvCaCrmAtEQ6yClu8rmsXF6P8kJO7WaGb7yiN32unBaiVUv
Qh3BDOjizs8c+tLKVvmTZxgy2BiVgzy1/c66q2lqkmNITgVpV08xz3wfMayuyliy
v5GIO2QjV2aVoPeneROGh2G8CPT/BffO9UJX2x5ECVEWh9JclQsj1iO44+6tPzQG
dqLWCY5ILUp58SmD6Ks0ltb5gLBGcDGsRz982VQ6isw9PeesSjjUM7pcUVOOo354
kZ+fenAsvOH0HLA1qrbTJFZ/evmr4OnzX/5z3ucYkTo9Ce7ze22YoLZGLhgANs+N
zy4Nu58WYJDvWO3x+MwXxX4GXXYxkLvIZCBoJADqakBV6dTjPhDLnvII1Y3ZBf3Q
Fgjnyyvn2oVm29xOZr/o
=j4TX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.