Bug 1174821 (CVE-2020-15861) - VUL-0: CVE-2020-15861: net-snmp: privilege escalation to root when snmp-mibs-downloader is used
Summary: VUL-0: CVE-2020-15861: net-snmp: privilege escalation to root when snmp-mibs...
Status: RESOLVED FIXED
Alias: CVE-2020-15861
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Alexander Bergmann
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/264628/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-15861:7.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-03 09:17 UTC by Alexandros Toptsoglou
Modified: 2023-01-06 08:38 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-08-03 09:17:16 UTC 
CVE-2020-15861

In combination with the *snmp-mibs-downloader package* this protection can be bypassed and it is possible for this account to elevate permissions to the root user.

Upstream Issue:

https://github.com/net-snmp/net-snmp/issues/145

Upstream Commit:

https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1862469
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15861
https://access.redhat.com/security/cve/CVE-2020-15861
Comment 2 Alexander Bergmann 2020-09-02 10:24:30 UTC 
Info:

The snmpd under SLE is running as root user. As the daemon is running already as root, elevate permission to the root user is not possible. Therefore we are not affected.

Furthermore, the *snmp-mibs-downloader package* is not available via the SLE repositories and must be installed manually by the administrator.
Comment 3 Alexander Bergmann 2023-01-06 08:38:11 UTC 
The upstream commit was part of the upgrade to net-snmp-5.9.3.

Fixed and released.