net-snmp -- fixproc insecure temporary file creation

ID 3E0072D4-D05B-11D9-9AED-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-07-13T00:00:00


A Gentoo advisory reports:

Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code. A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.