-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2393-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 01, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : snmptt Version : 1.4-1+deb9u1 CVE ID : CVE-2020-24361 It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the process or cause a Denial of Service condition. For Debian 9 stretch, this problem has been fixed in version 1.4-1+deb9u1. We recommend that you upgrade your snmptt packages. For the detailed security status of snmptt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/snmptt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl93bQEACgkQhj1N8u2c KO9knQ/9HwMgeN0a1W8Q2fwKz/G1yuBIvjYtrUE8Xeqi3rdPWGc4rTtiN8qKUSrD wBX+gy8KjIpR/DfFztxqE3OaWhRZV4PoLJlaWFtisxGgaMWvXPBKzsH0AI8Rx0xz 6F2JtGjUyePKFEFMkTvIHEKwmTXIBMBJdDIrh8qUtcxTlKBZWk4s4wUUPTjlfo5u d17wG2WGxH/oJP8ljkWsemf2+GZrI9iydMHq5rHeWlMtU18t9SoLLl05EX2SPCUA cVN2wFryxOAbAf6QMiLvMb3gQPLjZi19sZCFC8r+YgwoO6GSqFAMK/owC6bwMdYE p+Uf12Surwo5xK9b0CBr04TYFtUJnsWSh9E7uh1qGVw5pm7OSfmv/2lKSqz+z0ar d9JKnBFhjifGYBhw8Bli6iFfi47o8YgSSChGYs221MxLywqaaL27DI3znjPjs194 tVQoV+AEZ07KHPffVzk13r/xU+gTh4muyAb42p85IKhh48wqC6whpjYIM7heosbs kXgzHutpLGgmkPRxrj/E5ij2UN01pINMQ2jy2rTCvtfoF6yBdiuzwxOz1o5TJDhg DRyyThBUmZQP6gk3R/mpYlKXbWQaCtHBtOAFk5XsOyJ7Lg3ecrvQTnXXgrRrF59K AClEcUxhoA9kik7duv+u3G/AtCLVq12ouPDYqbHtERQ8rsxlQgE= =z42s -----END PGP SIGNATURE-----
