Search...

Net-SNMP Unauthenticated MIB Object Access

2003-09-09T10:22:51

ID OSVDB:2148
Type osvdb
Reporter OSVDB
Modified 2003-09-09T10:22:51

Description

No description provided by the source

References:

Vendor Specific Solution URL: http://sourceforge.net/project/showfiles.php?group_id=12694 Vendor Specific Advisory URL Secunia Advisory ID:9697 RedHat RHSA: RHSA-2003:335 OVAL ID: 869 ISS X-Force ID: 13139 CVE-2003-0935 Bugtraq ID: 8582

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2003-09-09T10:22:51", "href": "https://vulners.com/osvdb/OSVDB:2148", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8b967d460b682042637c0a667cfbbb7d"}, {"key": "cvss", "hash": "74ae407306a397b0a0ad358180716883"}, {"key": "description", "hash": "c6f6c5afea6719ebfa4c2108ddaf9ee0"}, {"key": "href", "hash": "f2a01e1575fc27c73b71ff6285ca3a25"}, {"key": "modified", "hash": "11b92c53c11a1b128367c46293b14e02"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "11b92c53c11a1b128367c46293b14e02"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "371ccd8d637d72d6d3569e1d9e1c09d9"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/", "score": 6.4}, "viewCount": 1, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "Net-SNMP Unauthenticated MIB Object Access ", "affectedSoftware": [], "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "references": [], "id": "OSVDB:2148", "hash": "ab77da5045471dff57b4038a75b3411a9effc479fd5cfaedb0faf3441a603c6b", "lastseen": "2017-04-28T13:19:56", "cvelist": ["CVE-2003-0935"], "modified": "2003-09-09T10:22:51", "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sourceforge.net/project/showfiles.php?group_id=12694\n[Vendor Specific Advisory URL](http://sourceforge.net/project/shownotes.php?release_id=182697)\n[Secunia Advisory ID:9697](https://secuniaresearch.flexerasoftware.com/advisories/9697/)\nRedHat RHSA: RHSA-2003:335\nOVAL ID: 869\nISS X-Force ID: 13139\n[CVE-2003-0935](https://vulners.com/cve/CVE-2003-0935)\nBugtraq ID: 8582\n"}

{"cve": [{"lastseen": "2017-10-11T11:05:51", "references": ["http://sourceforge.net/forum/forum.php?forum_id=308015", "http://www.redhat.com/support/errata/RHSA-2004-023.html", "http://www.redhat.com/support/errata/RHSA-2003-335.html", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778"], "description": "Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.", "edition": 3, "reporter": "NVD", "published": "2003-12-01T00:00:00", "title": "CVE-2003-0935", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:51", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:869", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-0935"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:869", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:869"}], "modified": "2017-10-10T21:29:16", "cpe": ["cpe:/a:net-snmp:net-snmp:5.0.7", "cpe:/a:net-snmp:net-snmp:5.0.1", "cpe:/a:net-snmp:net-snmp:5.0.4_pre2", "cpe:/a:net-snmp:net-snmp:5.0.6", "cpe:/a:net-snmp:net-snmp:5.0.3", "cpe:/a:net-snmp:net-snmp:5.0.8", "cpe:/a:net-snmp:net-snmp:5.0.5"], "id": "CVE-2003-0935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0935", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:08", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------\r\n Red Hat Security Advisory\r\n\r\nSynopsis: Updated Net-SNMP packages fix security and other bugs\r\nAdvisory ID: RHSA-2003:335-01\r\nIssue date: 2003-12-02\r\nUpdated on: 2003-12-02\r\nProduct: Red Hat Linux\r\nKeywords: ucd-snmp\r\nCross references: \r\nObsoletes: RHSA-2003:228\r\nCVE Names: CAN-2003-0935\r\n- ---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nUpdated Net-SNMP packages are available to correct a security vulnerability\r\nand other bugs.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 8.0 - i386\r\nRed Hat Linux 9 - i386\r\n\r\n3. Problem description:\r\n\r\nThe Net-SNMP project includes various Simple Network Management Protocol\r\n(SNMP) tools.\r\n\r\nA security issue in Net-SNMP versions before 5.0.9 could allow an existing\r\nuser/community to gain access to data in MIB objects that were explicitly\r\nexcluded from their view. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2003-0935 to this issue.\r\n\r\nUsers of Net-SNMP are advised upgrade to these errata packages containing\r\nNet-SNMP 5.0.9 which is not vulnerable to this issue. In addition,\r\nNet-SNMP 5.0.9 fixes a number of other minor bugs.\r\n\r\n4. Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied.\r\n\r\nTo update all RPMs for your particular architecture, run:\r\n\r\nrpm -Fvh [filenames]\r\n\r\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\r\nRPMs which are currently installed will be updated. Those RPMs which are\r\nnot installed but included in the list will not be updated. Note that you\r\ncan also use wildcards (*.rpm) if your current directory *only* contains the\r\ndesired RPMs.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this an easier way to apply updates. To use Red Hat Network,\r\nlaunch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system.\r\n\r\n5. RPMs required:\r\n\r\nRed Hat Linux 8.0:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/8.0/en/os/SRPMS/net-snmp-5.0.9-2.80.1.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/8.0/en/os/i386/net-snmp-5.0.9-2.80.1.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/net-snmp-devel-5.0.9-2.80.1.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/net-snmp-perl-5.0.9-2.80.1.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/net-snmp-utils-5.0.9-2.80.1.i386.rpm\r\n\r\nRed Hat Linux 9:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/9/en/os/SRPMS/net-snmp-5.0.9-2.90.1.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/9/en/os/i386/net-snmp-5.0.9-2.90.1.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/net-snmp-devel-5.0.9-2.90.1.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/net-snmp-perl-5.0.9-2.90.1.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/net-snmp-utils-5.0.9-2.90.1.i386.rpm\r\n\r\n\r\n\r\n6. Verification:\r\n\r\nMD5 sum Package Name\r\n- --------------------------------------------------------------------------\r\n67d440e6f8a4c80f8a784b9379b0a729 8.0/en/os/SRPMS/net-snmp-5.0.9-2.80.1.src.rpm\r\n8010acf4d3288e4fcb4aa27a969d5a80 8.0/en/os/i386/net-snmp-5.0.9-2.80.1.i386.rpm\r\n4076d0807c65958adae8d9817f368214 8.0/en/os/i386/net-snmp-devel-5.0.9-2.80.1.i386.rpm\r\n521cf4af9fecdbf5000262c9493a085e 8.0/en/os/i386/net-snmp-perl-5.0.9-2.80.1.i386.rpm\r\n2346cea65b945ffae9f1f9f51596af51 8.0/en/os/i386/net-snmp-utils-5.0.9-2.80.1.i386.rpm\r\n94392aa55c263bdcbb6449c1d3a11f64 9/en/os/SRPMS/net-snmp-5.0.9-2.90.1.src.rpm\r\n919a0e6b483c3c2d535d9882c98d3dde 9/en/os/i386/net-snmp-5.0.9-2.90.1.i386.rpm\r\n944e33a996abef958f336c23adc04c9a 9/en/os/i386/net-snmp-devel-5.0.9-2.90.1.i386.rpm\r\n13a537163ee51961f014c87652ebc95c 9/en/os/i386/net-snmp-perl-5.0.9-2.90.1.i386.rpm\r\ne006694219c4e02ab63b7759bfeda409 9/en/os/i386/net-snmp-utils-5.0.9-2.90.1.i386.rpm\r\n\r\n\r\nThese packages are GPG signed by Red Hat for security. Our key is\r\navailable from https://www.redhat.com/security/keys.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n7. References:\r\n\r\nhttp://sourceforge.net/forum/forum.php?forum_id=308015\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0935\r\n\r\n8. Contact:\r\n\r\nThe Red Hat security contact is <secalert@redhat.com>. More contact\r\ndetails at https://www.redhat.com/solutions/security/news/contact.html\r\n\r\nCopyright 2003 Red Hat, Inc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQE/zM20XlSAg2UNWIIRAj38AJkBxIhjyaziPIP/pXLBrsMrUX+ilwCeI74T\r\ndorA+zBqNuBRn17VBcdyeDQ=\r\n=4pXp\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-12-03T00:00:00", "title": "[RHSA-2003:335-01] Updated Net-SNMP packages fix security and other bugs", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:08", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0935"], "modified": "2003-12-03T00:00:00", "id": "SECURITYVULNS:DOC:5480", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5480", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:05", "references": ["http://sourceforge.net/forum/forum.php?forum_id=308015"], "pluginID": "14097", "description": "A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view.\n\nThe updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0935"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:net-snmp-mibs", "p-cpe:/a:mandriva:linux:libnet-snmp50-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:libnet-snmp50", "p-cpe:/a:mandriva:linux:net-snmp-trapd", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:net-snmp", "p-cpe:/a:mandriva:linux:net-snmp-utils", "p-cpe:/a:mandriva:linux:libnet-snmp50-devel"], "id": "MANDRAKE_MDKSA-2003-115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14097", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:115. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14097);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2003-0935\");\n script_xref(name:\"MDKSA\", value:\"2003:115\");\n\n script_name(english:\"Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an\nexisting user/community to gain access to data in MIB objects that\nwere explicitly excluded from their view.\n\nThe updated packages provide Net-SNMP version 5.0.9 which is not\nvulnerable to this issue and also fixes a number of other smaller\nbugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sourceforge.net/forum/forum.php?forum_id=308015\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnet-snmp50\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnet-snmp50-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnet-snmp50-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-mibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-trapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libnet-snmp50-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libnet-snmp50-devel-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libnet-snmp50-static-devel-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"net-snmp-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"net-snmp-mibs-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"net-snmp-trapd-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"net-snmp-utils-5.0.9-1.1.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnet-snmp50-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnet-snmp50-devel-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnet-snmp50-static-devel-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"net-snmp-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"net-snmp-mibs-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"net-snmp-trapd-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"net-snmp-utils-5.0.9-7.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:06:57", "references": ["http://rhn.redhat.com/errata/RHSA-2004-023.html", "http://sourceforge.net/forum/forum.php?forum_id=308015", "https://www.redhat.com/security/data/cve/CVE-2003-0935.html"], "pluginID": "12453", "description": "Updated Net-SNMP packages are available to correct a security vulnerability and other bugs.\n\nThe Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools.\n\nA security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0935 to this issue.\n\nUsers of Net-SNMP are advised to upgrade to these errata packages containing Net-SNMP 5.0.9 which is not vulnerable to this issue. In addition, Net-SNMP 5.0.9 fixes a number of other minor bugs.", "edition": 5, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 3 : net-snmp (RHSA-2004:023)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0935"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:net-snmp", "p-cpe:/a:redhat:enterprise_linux:net-snmp-devel", "p-cpe:/a:redhat:enterprise_linux:net-snmp-utils"], "id": "REDHAT-RHSA-2004-023.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:023. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12453);\n script_version (\"$Revision: 1.20 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:44 $\");\n\n script_cve_id(\"CVE-2003-0935\");\n script_xref(name:\"RHSA\", value:\"2004:023\");\n\n script_name(english:\"RHEL 3 : net-snmp (RHSA-2004:023)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Net-SNMP packages are available to correct a security\nvulnerability and other bugs.\n\nThe Net-SNMP project includes various Simple Network Management\nProtocol (SNMP) tools.\n\nA security issue in Net-SNMP versions before 5.0.9 could allow an\nexisting user/community to gain access to data in MIB objects that\nwere explicitly excluded from their view. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2003-0935 to this issue.\n\nUsers of Net-SNMP are advised to upgrade to these errata packages\ncontaining Net-SNMP 5.0.9 which is not vulnerable to this issue. In\naddition, Net-SNMP 5.0.9 fixes a number of other minor bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0935.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://sourceforge.net/forum/forum.php?forum_id=308015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected net-snmp, net-snmp-devel and / or net-snmp-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:net-snmp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:023\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"net-snmp-5.0.9-2.30E.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"net-snmp-devel-5.0.9-2.30E.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"net-snmp-utils-5.0.9-2.30E.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-snmp / net-snmp-devel / net-snmp-utils\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2017-08-02T22:57:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.0.9-2.30E.1", "packageFilename": "net-snmp-5.0.9-2.30E.1.ia64.rpm", "packageName": "net-snmp", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.0.9-2.30E.1", "packageFilename": "net-snmp-devel-5.0.9-2.30E.1.ia64.rpm", "packageName": "net-snmp-devel", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.0.9-2.30E.1", "packageFilename": "net-snmp-utils-5.0.9-2.30E.1.ia64.rpm", "packageName": "net-snmp-utils", "arch": "ia64", "operator": "lt"}], "description": "The Net-SNMP project includes various Simple Network Management Protocol\n(SNMP) tools.\n\nA security issue in Net-SNMP versions before 5.0.9 could allow an existing\nuser/community to gain access to data in MIB objects that were explicitly\nexcluded from their view. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0935 to this issue.\n\nUsers of Net-SNMP are advised to upgrade to these errata packages containing\nNet-SNMP 5.0.9 which is not vulnerable to this issue. In addition,\nNet-SNMP 5.0.9 fixes a number of other minor bugs.", "reporter": "RedHat", "published": "2004-01-15T05:00:00", "type": "redhat", "title": "(RHSA-2004:023) net-snmp security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0935"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:34:25", "id": "RHSA-2004:023", "href": "https://access.redhat.com/errata/RHSA-2004:023", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}