|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200505-18] Net-SNMP: fixproc insecure temporary file creation Vulnerability Assessment Details
|
[GLSA-200505-18] Net-SNMP: fixproc insecure temporary file creation |
||
|
Net-SNMP: fixproc insecure temporary file creation Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200505-18 (Net-SNMP: fixproc insecure temporary file creation) The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten. Workaround There is no known workaround at this time. Solution: All Net-SNMP users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1-r1" Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
|
Wholesale Lots |
|
||
|
No Discussions have been posted on this vulnerability. |