oss-sec mailing list archives
Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 23 Mar 2009 19:27:07 +0100
Hi, * Jan Lieskovsky <jlieskov () redhat com> [2009-03-23 14:26]:
could you please assign CVE ids for following two low security issues: 1, ucd-snmp / net-snmp snmpd runs with privileges of privileged user a, Red Hat Enterprise Linux / Fedora snmpd runs with UID=0, GID=0 b, Debian snmpd runs with GID=0 References: https://bugzilla.redhat.com/show_bug.cgi?id=491621 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520724
I fail to see the vulnerability in this case. While it's obvious that net-snmp shouldn't run with uid 0 if it doesn't need it, this is no security issue per-se and would not require a CVE id from my opinion. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Jan Lieskovsky (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap yersinia (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)