PT-2017-6881 · Freebsd · Freebsd

Pierre Kim

Published

2016-01-14

Updated

2017-09-10

CVE-2015-5677

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions FreeBSD versions 9.3, 10.1, and 10.2

Description The issue concerns the bsnmpd daemon in FreeBSD, which uses world-readable permissions on the snmpd.config file. This allows local users to read the file and obtain the secret key for USM authentication.

Recommendations For FreeBSD versions 9.3, 10.1, and 10.2, consider changing the permissions of the snmpd.config file to prevent world-readable access. For FreeBSD versions 9.3, 10.1, and 10.2, restrict local user access to the snmpd.config file until a proper fix is applied.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-5677

FREEBSD-SA-16_06

Affected Products

Freebsd

PT-2017-6881 · Freebsd · Freebsd

CVE-2015-5677

Weakness Enumeration

Related Identifiers

Affected Products

References · 5