A privilege escalation vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
Upstream notes that:
It is still possible to enable this MIB via the
Another MIB that provides similar functionality, namely ucd-snmp/extensible, is disabled by default.
The security risk of ucd-snmp/pass_persist is lower since these modules only introduce a security risk if the invoked scripts are exploitable.
For Debian 8 Jessie, these problems have been fixed in version 220.127.116.11+dfsg-1+deb8u3.
We recommend that you upgrade your net-snmp packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/