Vulnerabilities > CVE-2005-1740 - Unspecified vulnerability in Net-Snmp

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
net-snmp
nessus

Summary

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200505-18.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200505-18 (Net-SNMP: fixproc insecure temporary file creation) The fixproc application of Net-SNMP creates temporary files with predictable filenames. Impact : A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18382
    published: 2005-05-28
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18382
    title: GLSA-200505-18 : Net-SNMP: fixproc insecure temporary file creation
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200505-18.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18382);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2005-1740");
      script_xref(name:"GLSA", value:"200505-18");
    
      script_name(english:"GLSA-200505-18 : Net-SNMP: fixproc insecure temporary file creation");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200505-18
    (Net-SNMP: fixproc insecure temporary file creation)
    
        The fixproc application of Net-SNMP creates temporary files with
        predictable filenames.
      
    Impact :
    
        A malicious local attacker could exploit a race condition to change the
        content of the temporary files before they are executed by fixproc,
        possibly leading to the execution of arbitrary code. A local attacker
        could also create symbolic links in the temporary files directory,
        pointing to a valid file somewhere on the filesystem. When fixproc is
        executed, this would result in the file being overwritten.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200505-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Net-SNMP users should upgrade to the latest available version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-analyzer/net-snmp-5.2.1-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:net-snmp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-analyzer/net-snmp", unaffected:make_list("ge 5.2.1-r1"), vulnerable:make_list("lt 5.2.1-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Net-SNMP");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-395.NASL
    description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19988
    published: 2005-10-11
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19988
    title: RHEL 4 : net-snmp (RHSA-2005:395)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_3E0072D4D05B11D99AED000E0C2E438A.NASL
    description: A Gentoo advisory reports : Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code. A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18909
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18909
    title: FreeBSD : net-snmp -- fixproc insecure temporary file creation (3e0072d4-d05b-11d9-9aed-000e0c2e438a)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-562.NASL
    description:
      - Wed Jul 13 2005 Radek Vokal <rvokal at redhat.com>
        - CVE-2005-2177 new upstream version fixing DoS (#162908)
        - CVE-2005-1740 net-snmp insecure temporary file usage (#158770)
        - session free fixed, agentx modules build fine (#157851)
        - report gigabit Ethernet speeds using Ethtool (#152480)
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19197
    published: 2005-07-14
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19197
    title: Fedora Core 3 : net-snmp-5.2.1.2-FC3.1 (2005-562)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-373.NASL
    description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21812
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21812
    title: CentOS 3 : net-snmp (CESA-2005:373)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-025.NASL
    description: The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20819
    published: 2006-01-29
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20819
    title: Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-395.NASL
    description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67027
    published: 2013-06-29
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67027
    title: CentOS 4 : net-snmp (CESA-2005:395)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-373.NASL
    description: Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19829
    published: 2005-10-05
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19829
    title: RHEL 3 : net-snmp (RHSA-2005:373)

Oval

accepted: 2013-04-29T04:15:14.250-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
family: unix
id: oval:org.mitre.oval:def:11659
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
version: 26

Redhat

advisories:
  • rhsa
    id: RHSA-2005:373
  • rhsa
    id: RHSA-2005:395
rpms:
  • net-snmp-0:5.0.9-2.30E.19
  • net-snmp-debuginfo-0:5.0.9-2.30E.19
  • net-snmp-devel-0:5.0.9-2.30E.19
  • net-snmp-libs-0:5.0.9-2.30E.19
  • net-snmp-perl-0:5.0.9-2.30E.19
  • net-snmp-utils-0:5.0.9-2.30E.19
  • net-snmp-0:5.1.2-11.EL4.6
  • net-snmp-debuginfo-0:5.1.2-11.EL4.6
  • net-snmp-devel-0:5.1.2-11.EL4.6
  • net-snmp-libs-0:5.1.2-11.EL4.6
  • net-snmp-perl-0:5.1.2-11.EL4.6
  • net-snmp-utils-0:5.1.2-11.EL4.6