On Mon, Jan 29, 2018 at 04:09:59PM -0800, Bill Fenner wrote: > On Mon, Jan 29, 2018 at 8:19 AM, Magnus Fromreide <ma...@lysator.liu.se> > wrote: > > > On Mon, Jan 29, 2018 at 10:53:31AM -0300, Pedro Barbosa wrote: > > > Hi, > > > > > > Does anyone know which CVE regards to this issue? > > > > > > https://github.com/rapid7/metasploit-framework/pull/9396 > > > > > > /This exploit module exploits the SNMP write access configuration > > ability of > > > SNMP-EXTEND-MIB to configure MIB extensions and lead to remote code > > > execution. > > > > Well, I do not know of any CVE number but I will happily admit that it > > looks like a catastrohy waiting to happen. > > > > Do people really give read/write SNMP access to untrusted parties?
Hopefully not but I still think giving read/write SNMP access and giving access to execute anything on the host as the user running net-snmp are two entierly different things. > Bill > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
