aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch
Commit message (Collapse)AuthorAgeFilesLines
* net-snmp: Fix CVE-2020-15861 and CVE-2020-15862Ovidiu Panait2020-09-031-0/+33
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. References: https://nvd.nist.gov/vuln/detail/CVE-2020-15861 https://nvd.nist.gov/vuln/detail/CVE-2020-15862 Upstream patches: https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3 https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312 https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73 https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context patches needed by the fix to apply cleanly. Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>