oss-sec mailing list archives
Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
From: yersinia <yersinia.spiros () gmail com>
Date: Tue, 24 Mar 2009 10:08:51 +0100
On Mon, Mar 23, 2009 at 7:27 PM, Nico Golde <oss-security+ml () ngolde de> wrote:
Hi, * Jan Lieskovsky <jlieskov () redhat com> [2009-03-23 14:26]:could you please assign CVE ids for following two low security issues: 1, ucd-snmp / net-snmp snmpd runs with privileges of privileged user a, Red Hat Enterprise Linux / Fedora snmpd runs with UID=0, GID=0 b, Debian snmpd runs with GID=0 References: https://bugzilla.redhat.com/show_bug.cgi?id=491621 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520724I fail to see the vulnerability in this case. While it's obvious that net-snmp shouldn't run with uid 0 if it doesn't need it, this is no security issue per-se and would not require a CVE id from my opinion.
What is more net-snmp have a specific MAC selinux policy in targeted mode in Fedora/RHEL. So the full uid=0 is not so important if Selinux is in enforcing mode. Regards
Current thread:
- CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Jan Lieskovsky (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap yersinia (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)