GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Jul 31, 2020 7:26 pm Post subject: [ GLSA 202007-63 ] SNMP Trap Translator |
 |
|
Gentoo Linux Security Advisory
Title: SNMP Trap Translator: Multiple vulnerabilities (GLSA 202007-63)
Severity: normal
Exploitable: remote
Date: 2020-07-31
Bug(s): #733478
ID: 202007-63
Synopsis
Multiple vulnerabilities have been found in SNMP Trap Translator,
the worst of which could allow attackers to execute arbitrary shell code.
Background
SNMP Trap Translator (SNMPTT) is an SNMP trap handler written in Perl.
Affected Packages
Package: net-analyzer/snmptt
Vulnerable: < 1.4.1
Unaffected: >= 1.4.1
Architectures: All supported architectures
Description
It was found that SNMP Trap Translator does not drop privileges as
configured and does not properly escape shell commands in certain
functions.
Impact
A remote attacker, by sending a malicious crafted SNMP trap, could
possibly execute arbitrary shell code with the privileges of the process
or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All SNMP Trap Translator users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/snmptt-1.4.1"
|
References
SNMPTT 1.4.1 ChangeLog
CVE-2020-24361
Last edited by GLSA on Mon Aug 17, 2020 4:17 am; edited 1 time in total |
|
News & Announcements
