FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net-snmp -- fixproc insecure temporary file creation

Affected packages
net-snmp <


VuXML ID 3e0072d4-d05b-11d9-9aed-000e0c2e438a
Discovery 2005-05-23
Entry 2005-07-09
Modified 2005-07-13

A Gentoo advisory reports:

Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code.

A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.


Bugtraq ID 13715
CVE Name CVE-2005-1740