| Package | net-snmp |
|---|---|
| Version | 5.7.2.1+dfsg-1+deb8u3 |
| Related CVEs | CVE-2020-15862 |
A privilege escalation vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
Upstream notes that:
-
It is still possible to enable this MIB via the
--with-mib-modulesconfigure option. -
Another MIB that provides similar functionality, namely
ucd-snmp/extensible, is disabled by default. -
The security risk of
ucd-snmp/passanducd-snmp/pass_persistis lower since these modules only introduce a security risk if the invoked scripts are exploitable.
For Debian 8 Jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u3.
We recommend that you upgrade your net-snmp packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.