ID CVE-2003-0935
Summary Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
References
Vulnerable Configurations
  • Net-SNMP Net-SNMP 5.0.1
    cpe:2.3:a:net-snmp:net-snmp:5.0.1
  • Net-SNMP Net-SNMP 5.0.3
    cpe:2.3:a:net-snmp:net-snmp:5.0.3
  • cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2
    cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2
  • Net-SNMP Net-SNMP 5.0.5
    cpe:2.3:a:net-snmp:net-snmp:5.0.5
  • Net-SNMP Net-SNMP 5.0.6
    cpe:2.3:a:net-snmp:net-snmp:5.0.6
  • Net-SNMP Net-SNMP 5.0.7
    cpe:2.3:a:net-snmp:net-snmp:5.0.7
  • Net-SNMP Net-SNMP 5.0.8
    cpe:2.3:a:net-snmp:net-snmp:5.0.8
CVSS
Base: 6.4 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-115.NASL
    description A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14097
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14097
    title Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-023.NASL
    description Updated Net-SNMP packages are available to correct a security vulnerability and other bugs. The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. A security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0935 to this issue. Users of Net-SNMP are advised to upgrade to these errata packages containing Net-SNMP 5.0.9 which is not vulnerable to this issue. In addition, Net-SNMP 5.0.9 fixes a number of other minor bugs.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 12453
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12453
    title RHEL 3 : net-snmp (RHSA-2004:023)
oval via4
  • accepted 2010-09-20T04:00:44.564-04:00
    class vulnerability
    contributors
    • name Matt Busby
      organization The MITRE Corporation
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
    family unix
    id oval:org.mitre.oval:def:869
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Net-SNMP MIB Information Disclosure Vulnerability
    version 37
  • accepted 2013-04-29T04:22:22.348-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
    family unix
    id oval:org.mitre.oval:def:9802
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
    version 23
redhat via4
advisories
  • rhsa
    id RHSA-2003:335
  • rhsa
    id RHSA-2004:023
refmap via4
conectiva CLA-2003:778
confirm http://sourceforge.net/forum/forum.php?forum_id=308015
Last major update 21-08-2010 - 00:17
Published 01-12-2003 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top