Joined: 12 May 2004
|Posted: Fri Jul 31, 2020 7:26 pm Post subject: [ GLSA 202007-63 ] SNMP Trap Translator
|Gentoo Linux Security Advisory
Title: SNMP Trap Translator: Multiple vulnerabilities (GLSA 202007-63)
Multiple vulnerabilities have been found in SNMP Trap Translator,
the worst of which could allow attackers to execute arbitrary shell code.
SNMP Trap Translator (SNMPTT) is an SNMP trap handler written in Perl.
Vulnerable: < 1.4.1
Unaffected: >= 1.4.1
Architectures: All supported architectures
It was found that SNMP Trap Translator does not drop privileges as
configured and does not properly escape shell commands in certain
A remote attacker, by sending a malicious crafted SNMP trap, could
possibly execute arbitrary shell code with the privileges of the process
or cause a Denial of Service condition.
There is no known workaround at this time.
All SNMP Trap Translator users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/snmptt-1.4.1"
SNMPTT 1.4.1 ChangeLog
Last edited by GLSA on Mon Aug 17, 2020 4:17 am; edited 1 time in total