Vulnerability-Lookup

CERTA-2003-AVI-212

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Net-SNMP permet à un utilisateur non autorisé (ou communauté non autorisée) d'avoir accès en lecture à des objets de la MIB (Management Information Base) SNMP.

Description

Net-SNMP est un ensemble d'outils et bibliothèques liés au protocole SNMP. Une vulnérabilité dans Net-SNMP permet à un utilisateur (ou une communauté), qui a été explicitement exclue, d'avoir accès en lecture à des objets de la MIB (Management Information Base) SNMP.

Solution

Mettre à jour Net-SNMP en version 5.0.9 (cf. section Documentation).

Toutes les versions de Net-SNMP antérieures à la version 5.0.9.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité RedHat RHSA-2003:335-07	None	vendor-advisory
Avis de sécurité RedHat RHSA-2003:355-07 :	-	other
Site Internet Net-SNMP :	-	other
Avis de sécurité Mandrake MDKSA-2003:115 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de Net-SNMP  ant\u00e9rieures \u00e0 la version 5.0.9.\u003c/p\u003e",
  "content": "## Description\n\nNet-SNMP est un ensemble d\u0027outils et biblioth\u00e8ques li\u00e9s au protocole\nSNMP. Une vuln\u00e9rabilit\u00e9 dans Net-SNMP permet \u00e0 un utilisateur (ou une\ncommunaut\u00e9), qui a \u00e9t\u00e9 explicitement exclue, d\u0027avoir acc\u00e8s en lecture \u00e0\ndes objets de la MIB (Management Information Base) SNMP.\n\n## Solution\n\nMettre \u00e0 jour Net-SNMP en version 5.0.9 (cf. section Documentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 RedHat RHSA-2003:355-07 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2003-335.html"
    },
    {
      "title": "Site Internet Net-SNMP :",
      "url": "http://net-snmp.sourceforge.net"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mandrake MDKSA-2003:115 :",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:115"
    }
  ],
  "reference": "CERTA-2003-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Net-SNMP permet \u00e0 un utilisateur non autoris\u00e9 (ou\ncommunaut\u00e9 non autoris\u00e9e) d\u0027avoir acc\u00e8s en lecture \u00e0 des objets de la\nMIB (Management Information Base) SNMP.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Net-SNMP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 RedHat RHSA-2003:335-07",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted