"snmpd runs as a low privileged user account. However, in combination with
the *snmp-mibs-downloader package* this protection can be bypassed and it is
possible for this account to elevate permissions to the root user.
This attack happens due to how snmpd handles symlinks."
"Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root."
Patch: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 (which is in 5.8.1_pre1)
Tree seems clean so just need to glsa.
This issue was resolved and addressed in
GLSA 202008-12 at https://security.gentoo.org/glsa/202008-12
by GLSA coordinator Sam James (sam_c).
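
The CVE description quoted above ties the risk to SNMP write access reaching the EXTEND MIB. As an added example (not part of this bug report or of Net-SNMP), the following Python audit lists the snmpd.conf directives that grant write access and checks whether a numeric OID restriction still overlaps nsExtendObjects (.1.3.6.1.4.1.8072.1.3.2); the sample configuration and the function names are constructed for illustration.

```python
import shlex

# Constructed snmpd.conf sample, not taken from any real host.
SAMPLE_CONF = """\
# monitoring
rocommunity public 127.0.0.1
rwcommunity s3cret 10.0.0.0/8
rwuser -s usm admin priv .1.3.6.1.2.1.1
rwcommunity6 ops default .1.3.6.1.4.1.8072
access MyRWGroup "" any noauth exact all all none
access MyROGroup "" any noauth exact all none none
"""

EXTEND = "1.3.6.1.4.1.8072.1.3.2".split(".")  # nsExtendObjects, NET-SNMP-EXTEND-MIB
WRITE_DIRECTIVES = {"rwcommunity", "rwcommunity6", "rwuser"}

def classify(restriction):
    """Classify the optional OID / -V VIEW restriction on a write directive."""
    if not restriction:
        return "exposed"                      # write access to the whole tree
    if restriction[0] == "-V":
        return "review"                       # named view: inspect its definition
    parts = restriction[0].strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        return "review"                       # symbolic OID: resolve by hand
    n = min(len(parts), len(EXTEND))
    return "exposed" if parts[:n] == EXTEND[:n] else "restricted"

def audit(conf_text):
    """Return (line_number, directive, verdict) for every write-granting line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in WRITE_DIRECTIVES:
            if directive == "rwuser" and args[:1] == ["-s"]:
                args = args[2:]               # drop "-s SECMODEL"
            findings.append((lineno, directive, classify(args[2:3])))
        elif directive == "access" and len(args) >= 7 and args[6].lower() != "none":
            findings.append((lineno, directive, "review"))  # WRITE view is set
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding)
```

A verdict of "review" means the write scope depends on a named view or symbolic OID that has to be resolved against the rest of the configuration.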