CVE-2020-15861: [Ticket#2020070701000015] Security issues in net-snmp · Issue #145 · net-snmp/net-snmp

Dear all,

In the course of a penetration test performed by our security analysts, we have noticed some security vulnerabilities in net-snmp.

Your deprecated bug tracker (http://www.net-snmp.org/bugs/) redirects to Github. Sadly, Github does not support creating private issues for security relevant bugs.

We would like to send you the findings in an encrypted manner to enable you to mitigate them.
For encrypted communication, we can offer a web-based platform hosted by us, or we can offer to encrypt our e-mails via S/MIME or PGP. Please let us know which method fits you best. In order to transmit our findings via email, we will need either a public S/MIME certificate or your public PGP key of an active and trustworthy contributor of this project.

As stated in our Responsible Disclosure Guideline (see https://www.usd.de/wp-content/uploads/2017/10/usd-Responsible-Disclosure-EN.pdf), we will treat the vulnerabilities as confidential. We will grant you a time frame of 60 days to release a patch. After that deadline, we will reserve the right to publish the vulnerabilities.

Sincerely,
usd responsible disclosure team

About usd AG

usd AG protects companies from hackers and criminals. As an accredited auditor, we consult and certify companies worldwide. Our work is as dynamic and diverse as current threats. We review IT systems, applications and processes for security vulnerabilities and help with their mitigation. With our Security Trainings, we raise security awareness; the CST Academy promotes an active dialogue and a transfer of knowledge.

www.usd.de
more security. usd

…

Registered office: 63263 Neu-Isenburg
Local court of Offenbach: HRB 34667
Executive Board: Andreas Duchmann, Manfred Tubach (CEO)
Chairman supervisory board: Dr. Dietmar Kirchner
VAT ID: DE 163774242
…