Summary: | <net-analyzer/snmptt-1.4.1: Security issue in EXEC / PREXEC / unknown_trap_exec allowing possible code execution (CVE-2020-24361) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | netmon |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.snmptt.org/changelog.shtml | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | =net-analyzer/snmptt-1.4.2 x86 | ||
Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2020-07-22 07:04:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2e5927463dcd8e1cb8fb49e14cb9636631a8039

    commit b2e5927463dcd8e1cb8fb49e14cb9636631a8039
    Author:     Jeroen Roovers <jer@gentoo.org>
    AuthorDate: 2020-07-22 06:55:06 +0000
    Commit:     Jeroen Roovers <jer@gentoo.org>
    CommitDate: 2020-07-22 07:04:50 +0000

        net-analyzer/snmptt: Version 1.4.1

        Package-Manager: Portage-3.0.0, Repoman-2.3.23
        Bug: https://bugs.gentoo.org/733478
        Closes: https://bugs.gentoo.org/show_bug.cgi?id=433443
        Signed-off-by: Jeroen Roovers <jer@gentoo.org>

     net-analyzer/snmptt/Manifest            |  1 +
     net-analyzer/snmptt/snmptt-1.4.1.ebuild | 60 +++++++++++++++++++++++++++++++++
     2 files changed, 61 insertions(+)

x86 stable. Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec104869262c49683a690bfa0b2409c48afe2a1e

    commit ec104869262c49683a690bfa0b2409c48afe2a1e
    Author:     Jeroen Roovers <jer@gentoo.org>
    AuthorDate: 2020-07-25 09:36:58 +0000
    Commit:     Jeroen Roovers <jer@gentoo.org>
    CommitDate: 2020-07-25 09:38:16 +0000

        net-analyzer/snmptt: Old

        Package-Manager: Portage-3.0.0, Repoman-2.3.23
        Bug: https://bugs.gentoo.org/733478
        Signed-off-by: Jeroen Roovers <jer@gentoo.org>

     net-analyzer/snmptt/Manifest          |  1 -
     net-analyzer/snmptt/snmptt-1.4.ebuild | 52 -----------------------------------
     2 files changed, 53 deletions(-)

We need to stabilise 1.4.2 instead. 1.4.1 has been yanked due to a problem and the maintainer put out 1.4.2 shortly after instead.

x86 stable. I guess we should cleanup again in case the problem was an incomplete fix.

Cleanup done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd84225dcdea15ae58eab5f1542e6c0663b756d9.

This issue was resolved and addressed in GLSA 202007-63 at https://security.gentoo.org/glsa/202007-63 by GLSA coordinator Sam James (sam_c).
Assigned: CVE-2020-24361

Description: "SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9e88e4d3add589d3e6068027d614349f1675a506

    commit 9e88e4d3add589d3e6068027d614349f1675a506
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2020-08-16 05:37:37 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2020-08-16 05:37:37 +0000

        [ GLSA 202007-63 ] Add now-assigned CVE-2020-24361

        Bug: https://bugs.gentoo.org/733478
        Signed-off-by: Sam James <sam@gentoo.org>

     glsa-202007-63.xml | 5 +++--
     1 file changed, 3 insertions(+), 2 deletions(-)