On Mon, Jan 29, 2018 at 10:53:31AM -0300, Pedro Barbosa wrote:
> Hi,
>
> Does anyone know which CVE relates to this issue?
>
> https://github.com/rapid7/metasploit-framework/pull/9396
>
> /This exploit module exploits the SNMP write access configuration ability of
> SNMP-EXTEND-MIB to configure MIB extensions and lead to remote code
> execution.

Well, I do not know of any CVE number but I will happily admit that it looks
like a catastrophe waiting to happen.

I propose that

1. The ability to add commands is removed from the extend module (all entries
   are to be read-only)
2. agent/extend is removed from ucd_snmp.h

Do you think this is a good idea going forward?

/MF

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
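
Until the extend entries are read-only, an administrator can check whether a given snmpd.conf grants write access that reaches the extend subtree. The audit below is an added example, not part of the original message and not Net-SNMP code. It assumes numeric OIDs, ignores view masks and the access/authaccess directives, and its function names and sample configuration are constructed for illustration.

```python
import shlex

# NET-SNMP-EXTEND-MIB::nsExtendObjects, the subtree that holds the extend tables
EXTEND_OID = (1, 3, 6, 1, 4, 1, 8072, 1, 3, 2)

def parse_oid(text):
    """Numeric OID -> tuple of ints; symbolic names are not resolved (None)."""
    parts = text.strip(".").split(".")
    return tuple(map(int, parts)) if all(p.isdecimal() for p in parts) else None

def view_verdict(entries):
    """Longest subtree at or above EXTEND_OID decides; inclusions inside it count."""
    if any(o is None for _, o in entries):
        return "REVIEW"                  # symbolic OID: check by hand
    hits = [(len(o), t) for t, o in entries if o == EXTEND_OID[:len(o)]
            or (t == "included" and o[:len(EXTEND_OID)] == EXTEND_OID)]
    return "EXPOSED" if hits and max(hits)[1] == "included" else "ok"

def audit(conf_text):
    """Return [(line_no, directive, verdict)] for every rw* directive."""
    rows = [(n, shlex.split(line, comments=True))
            for n, line in enumerate(conf_text.splitlines(), 1)]
    views = {}
    for _, t in rows:
        if t[:1] == ["view"] and len(t) >= 4:   # view NAME TYPE OID [MASK]
            views.setdefault(t[1], []).append((t[2], parse_oid(t[3])))
    findings = []
    for n, t in rows:
        if t[:1] not in (["rwcommunity"], ["rwcommunity6"], ["rwuser"]):
            continue
        scope = (t[3:] if t[1:2] == ["-s"] else t[1:])[2:]  # after [-s MODEL] NAME SRC|LEVEL
        if not scope:
            verdict = "EXPOSED"              # no OID or view: whole tree writable
        elif scope[0] == "-V":
            verdict = view_verdict(views.get(scope[-1], []))
        else:                                # bare OID = one included subtree
            verdict = view_verdict([("included", parse_oid(scope[0]))])
        findings.append((n, t[0], verdict))
    return findings

# Constructed snmpd.conf fragment for illustration (not taken from the page)
SAMPLE = """\
rwcommunity private default
rwcommunity ops 10.0.0.0/8 .1.3.6.1.2.1.1
view noext included .1.3.6.1.4.1.8072
view noext excluded .1.3.6.1.4.1.8072.1.3.2
rwuser admin priv -V noext
rwuser -s usm backup auth .1.3.6.1.4.1.8072.1.3
"""
```

Calling audit(SAMPLE) reports the unrestricted rwcommunity and the rwuser scoped to .1.3.6.1.4.1.8072.1.3 as EXPOSED; a REVIEW verdict means a symbolic OID has to be resolved by hand.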