Vigil@nce - OpenBSD: read-write access via net-snmp
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read the configuration of the net-snmp
package of OpenBSD, in order to read or alter SNMP data.
Impacted products: OpenBSD.
Severity: 2/4.
Creation date: 10/11/2015.
DESCRIPTION OF THE VULNERABILITY
The net-snmp package can be installed on OpenBSD. This package is
different from the Net-SNMP official sources.
However, this package installs the /etc/snmp/snmpd.conf file as
readable by all local users. An attacker can thus read SNMP
passwords.
A local attacker can therefore read the configuration of the
net-snmp package of OpenBSD, in order to read or alter SNMP data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenBSD-read-write-access-via-net-snmp-18271