Vulnerability CVE-2020-24361: Information

Description

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.

Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5)
Vector: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-24361
Published: Aug. 16, 2020
Modified: Nov. 21, 2024
Error type identifier: CWE-273

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
snmpttsisyphus1.4.2-alt11.5-alt1ALT-PU-2020-3129-1260492Fixed
snmpttp111.4.2-alt11.4.2-alt1ALT-PU-2020-3129-1260492Fixed
snmpttp101.4.2-alt11.4.2-alt1ALT-PU-2020-3129-1260492Fixed
snmpttp91.4.2-alt11.4.2-alt1ALT-PU-2020-3174-1260493Fixed
snmpttc10f21.4.2-alt11.4.2-alt1ALT-PU-2020-3129-1260492Fixed
snmpttc9f21.4.2-alt11.4.2-alt1ALT-PU-2024-3798-3342504Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.snmptt.org/changelog.shtml
  • Release Notes
  • Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00006.html
  • Mailing List
  • Third Party Advisory
https://security.gentoo.org/glsa/202007-63
  • Third Party Advisory
BDU:2021-03734
      1. cpe:2.3:a:snmptt:snmptt:*:*:*:*:*:*:*:*
        End excluding
        1.4.2
        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top