aru Posted January 27, 2006 Report Share Posted January 27, 2006 Mandriva Advisories MDKSA-2006:025 : net-snmp Updated net-snmp packages fix vulnerabilities January 26th, 2006 The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code.As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:025 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts