FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insecure default snmpd.config permissions

Affected packages
10.2 <= FreeBSD < 10.2_9
10.1 <= FreeBSD < 10.1_26
9.3 <= FreeBSD < 9.3_33

Details

VuXML ID 7a31dfba-600a-11e6-a6c3-14dae9d210b8
Discovery 2016-01-14
Entry 2016-08-11

Problem Description:

The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the snmpd.configiguration file, /etc/snmpd.config, is weak and does not provide adequate protection against local unprivileged users.

Impact:

A local user may be able to read the shared secret, if configured and used by the system administrator.

References

CVE Name CVE-2015-5677
FreeBSD Advisory SA-16:06.bsnmpd