Lucene search

MitreCVE-2004-2300

HistoryAug 05, 2005 - 4:00 a.m.

CVE-2004-2300

2005-08-0504:00:00

mitre

web.nvd.nist.gov

cve-2004-2300

buffer overflow

snmp

ucd-snmp

local users

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.

Affected configurations

Nvd

Node

ucd-snmpucd-snmpRange≤4.2.6

VendorProductVersionCPE
ucd-snmpucd-snmp*cpe:2.3:a:ucd-snmp:ucd-snmp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ucd-snmp	ucd-snmp	*	cpe:2.3:a:ucd-snmp:ucd-snmp::::::::

References

www.packetstormsecurity.org/0405-advisories/snmpdadv.txt

www.securityfocus.com/bid/10396

exchange.xforce.ibmcloud.com/vulnerabilities/16245

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-2300