CVE-2005-2811

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:net-snmp:net-snmp::::::::
	cpe:2.3:a:net-snmp:net-snmp:5.0:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.3:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.5:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.6:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.7:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.8:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.9:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.0.10:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.1.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.1.3:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.2.1:::::::*

History

21 Nov 2024, 00:00

Type	Values Removed	Values Added
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml -

Information

Published : 2005-09-07 18:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2811

Mitre link : CVE-2005-2811

CVE.ORG link : CVE-2005-2811

JSON object : View

Products Affected

net-snmp

net-snmp

CWE

NVD-CWE-Other

{"id": "CVE-2005-2811", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-09-07T18:03:00.000", "references": [{"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F6C98B-4759-43BB-9C6C-B8176C11642B", "versionEndIncluding": "5.2.1.2_r1"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B4FDFF-9E09-4AB9-9196-6A01903473B6"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21E8FC05-D498-4D5D-B5A3-3F16749B7491"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD964F4-9196-4641-A854-09DA86BCC890"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A07BEF-C759-459E-A144-D37C1A55A9C8"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77D95BAC-CCF3-4E8B-BF31-E277B03C0FA2"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97B7D0D-68CC-463D-A14B-3651D8DD4C73"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFCF39FC-D220-4F4A-8CBF-B993C65671FB"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B5512FA-8B74-4585-ADEF-F710C0DF83A0"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51AAC2EA-8AA7-4303-BD64-74CFC7938D04"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C872A9B0-0B3C-47B2-82F5-344BEBA221CD"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE816EA-2CDF-440A-9B7A-D772F38A3A17"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88517EE-17E2-4128-8355-FAAC815718CB"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "089CEC52-73AC-41B0-BB7F-F24C42DD16E8"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E2BAAA8-313D-41F2-A98D-3557331E35B7"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88260A4F-4707-4B79-939A-F1EB2CD4D57B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}