Vulnerabilities > CVE-2003-0935 - Unspecified vulnerability in Net-Snmp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-115.NASL description A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 14097 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14097 title Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:115. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14097); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0935"); script_xref(name:"MDKSA", value:"2003:115"); script_name(english:"Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs." ); script_set_attribute( attribute:"see_also", value:"http://sourceforge.net/forum/forum.php?forum_id=308015" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp50"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp50-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp50-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-mibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-trapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libnet-snmp50-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libnet-snmp50-devel-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libnet-snmp50-static-devel-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"net-snmp-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"net-snmp-mibs-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"net-snmp-trapd-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"net-snmp-utils-5.0.9-1.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnet-snmp50-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnet-snmp50-devel-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnet-snmp50-static-devel-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"net-snmp-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"net-snmp-mibs-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"net-snmp-trapd-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"net-snmp-utils-5.0.9-7.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-023.NASL description Updated Net-SNMP packages are available to correct a security vulnerability and other bugs. The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. A security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0935 to this issue. Users of Net-SNMP are advised to upgrade to these errata packages containing Net-SNMP 5.0.9 which is not vulnerable to this issue. In addition, Net-SNMP 5.0.9 fixes a number of other minor bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 12453 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12453 title RHEL 3 : net-snmp (RHSA-2004:023) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:023. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12453); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0935"); script_xref(name:"RHSA", value:"2004:023"); script_name(english:"RHEL 3 : net-snmp (RHSA-2004:023)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Net-SNMP packages are available to correct a security vulnerability and other bugs. The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. A security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0935 to this issue. Users of Net-SNMP are advised to upgrade to these errata packages containing Net-SNMP 5.0.9 which is not vulnerable to this issue. In addition, Net-SNMP 5.0.9 fixes a number of other minor bugs." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0935" ); # http://sourceforge.net/forum/forum.php?forum_id=308015 script_set_attribute( attribute:"see_also", value:"https://sourceforge.net/p/legacy_/forum/forum.php?forum_id=308015" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:023" ); script_set_attribute( attribute:"solution", value: "Update the affected net-snmp, net-snmp-devel and / or net-snmp-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:net-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:net-snmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:net-snmp-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/01"); script_set_attribute(attribute:"patch_publication_date", value:"2004/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:023"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"net-snmp-5.0.9-2.30E.1")) flag++; if (rpm_check(release:"RHEL3", reference:"net-snmp-devel-5.0.9-2.30E.1")) flag++; if (rpm_check(release:"RHEL3", reference:"net-snmp-utils-5.0.9-2.30E.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-snmp / net-snmp-devel / net-snmp-utils"); } }
Oval
accepted 2010-09-20T04:00:44.564-04:00 class vulnerability contributors name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. family unix id oval:org.mitre.oval:def:869 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Net-SNMP MIB Information Disclosure Vulnerability version 41 accepted 2013-04-29T04:22:22.348-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. family unix id oval:org.mitre.oval:def:9802 status accepted submitted 2010-07-09T03:56:16-04:00 title Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. version 26
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778
- http://sourceforge.net/forum/forum.php?forum_id=308015
- http://www.redhat.com/support/errata/RHSA-2003-335.html
- http://www.redhat.com/support/errata/RHSA-2004-023.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802