CVE-2005-1740 - Unspecified vulnerability in Net-Snmp
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

net-snmp
nessus
Summary
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200505-18.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200505-18 (Net-SNMP: fixproc insecure temporary file creation) The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact : A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18382
- published: 2005-05-28
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18382
- title: GLSA-200505-18 : Net-SNMP: fixproc insecure temporary file creation
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200505-18.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(18382);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-1740");
  script_xref(name:"GLSA", value:"200505-18");

  script_name(english:"GLSA-200505-18 : Net-SNMP: fixproc insecure temporary file creation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200505-18 (Net-SNMP: fixproc insecure temporary file creation) The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact : A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200505-18"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Net-SNMP users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/net-snmp-5.2.1-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:net-snmp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-analyzer/net-snmp", unaffected:make_list("ge 5.2.1-r1"), vulnerable:make_list("lt 5.2.1-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Net-SNMP");
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-395.NASL
- description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19988
- published: 2005-10-11
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19988
- title: RHEL 4 : net-snmp (RHSA-2005:395)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_3E0072D4D05B11D99AED000E0C2E438A.NASL
- description: A Gentoo advisory reports : Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code. A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18909
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/18909
- title: FreeBSD : net-snmp -- fixproc insecure temporary file creation (3e0072d4-d05b-11d9-9aed-000e0c2e438a)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-562.NASL
- description:
  - Wed Jul 13 2005 Radek Vokal <rvokal at redhat.com>
  - CVE-2005-2177 new upstream version fixing DoS (#162908)
  - CVE-2005-1740 net-snmp insecure temporary file usage (#158770)
  - session free fixed, agentx modules build fine (#157851)
  - report gigabit Ethernet speeds using Ethtool (#152480)

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19197
- published: 2005-07-14
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19197
- title: Fedora Core 3 : net-snmp-5.2.1.2-FC3.1 (2005-562)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-373.NASL
- description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21812
- published: 2006-07-03
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21812
- title: CentOS 3 : net-snmp (CESA-2005:373)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2006-025.NASL
- description: The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20819
- published: 2006-01-29
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20819
- title: Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-395.NASL
- description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 67027
- published: 2013-06-29
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/67027
- title: CentOS 4 : net-snmp (CESA-2005:395)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-373.NASL
- description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19829
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19829
- title: RHEL 3 : net-snmp (RHSA-2005:373)
Oval
accepted | 2013-04-29T04:15:14.250-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. |
family | unix |
id | oval:org.mitre.oval:def:11659 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. |
version | 26 |
Redhat
advisories |
rpms |
References
- http://secunia.com/advisories/15471
- http://secunia.com/advisories/16999
- http://secunia.com/advisories/17135
- http://secunia.com/advisories/18635
- http://security.gentoo.org/glsa/glsa-200505-18.xml
- http://securitytracker.com/id?1014039
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:025
- http://www.osvdb.org/16778
- http://www.redhat.com/support/errata/RHSA-2005-373.html
- http://www.redhat.com/support/errata/RHSA-2005-395.html
- http://www.securityfocus.com/bid/13715
- http://www.vupen.com/english/advisories/2005/0598
- http://www.zataz.net/adviso/net-snmp-05182005.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11659