Package: snmpd Version: 5.4.1~dfsg-12 Severity: grave Tags: security Justification: user security hole
The following output of "ps" shows that the group is "root": ps -eo pid,user,euser,suser,fuser,group,egroup,sgroup,fgroup,comm|head -1 ; ps -eo pid,user,euser,suser,fuser,group,egroup,sgroup,fgroup,comm|grep snmp PID USER EUSER SUSER FUSER GROUP EGROUP SGROUP FGROUP COMMAND 4503 snmp snmp snmp snmp root root root root snmpd This means that it can write to /dev/mapper/control, /dev/kmsg, and /dev/xen/evtchn, as well as probably some files and directories that are created by the sysadmin. If for example the /root directory had more 0770 then this would permit the snmpd to take over the root account. While it would require that the snmpd be compromised to take advantage of this, I believe that it's a security flaw to run code with GID 0 when there is no need for it. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
