Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2300

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2300
Last Modified 05 Sep 2008 04:43:45
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2300

Summary

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.

Vulnerable Systems

Application

  • Ucd-snmp 4.2.6


References

XF - ucd-snmpd-command-bo(16245)

BID - 10396

MISC - http://www.packetstormsecurity.org/0405-advisories/snmpdadv.txt


Last Updated: 27 May 2016 10:39:25