CVE-2005-1740

2005-05-2404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1740

net-snmp 5.x

temporary files

insecure

local users

arbitrary commands

symlink attack

6.5 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.5%

JSON

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

CPENameOperatorVersion
net-snmp:net-snmpnet-snmpeq5.0.6
net-snmp:net-snmpnet-snmpeq5.0.9
net-snmp:net-snmpnet-snmpeq5.0.4_pre2
net-snmp:net-snmpnet-snmpeq5.0.7
net-snmp:net-snmpnet-snmpeq5.0.1
net-snmp:net-snmpnet-snmpeq5.0.3
net-snmp:net-snmpnet-snmpeq5.1.2
net-snmp:net-snmpnet-snmpeq5.0.5
net-snmp:net-snmpnet-snmpeq5.0.8

CPE	Name	Operator	Version
net-snmp:net-snmp	net-snmp	eq	5.0.6
net-snmp:net-snmp	net-snmp	eq	5.0.9
net-snmp:net-snmp	net-snmp	eq	5.0.4_pre2
net-snmp:net-snmp	net-snmp	eq	5.0.7
net-snmp:net-snmp	net-snmp	eq	5.0.1
net-snmp:net-snmp	net-snmp	eq	5.0.3
net-snmp:net-snmp	net-snmp	eq	5.1.2
net-snmp:net-snmp	net-snmp	eq	5.0.5
net-snmp:net-snmp	net-snmp	eq	5.0.8