Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-025.NASL
HistoryJan 29, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)

2006-01-2900:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).

A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177).

The updated packages have been patched to correct these problems.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:025. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20819);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-1740", "CVE-2005-2177");
  script_bugtraq_id(13715);
  script_xref(name:"MDKSA", value:"2006:025");

  script_name(english:"Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The fixproc application in Net-SNMP creates temporary files with
predictable file names which could allow a malicious local attacker to
change the contents of the temporary file by exploiting a race
condition, which could possibly lead to the execution of arbitrary
code. As well, a local attacker could create symbolic links in the
/tmp directory that point to a valid file that would then be
overwritten when fixproc is executed (CVE-2005-1740).

A remote Denial of Service vulnerability was also discovered in the
SNMP library that could be exploited by a malicious SNMP server to
crash the agent, if the agent uses TCP sockets for communication
(CVE-2005-2177).

The updated packages have been patched to correct these problems."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp5-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp5-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-mibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-trapd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-NetSNMP");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64net-snmp5-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64net-snmp5-devel-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64net-snmp5-static-devel-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnet-snmp5-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnet-snmp5-devel-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libnet-snmp5-static-devel-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"net-snmp-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"net-snmp-mibs-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"net-snmp-trapd-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"net-snmp-utils-5.1.2-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"perl-NetSNMP-5.1.2-6.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64net-snmp5-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64net-snmp5-devel-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64net-snmp5-static-devel-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnet-snmp5-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnet-snmp5-devel-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnet-snmp5-static-devel-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"net-snmp-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"net-snmp-mibs-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"net-snmp-trapd-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"net-snmp-utils-5.2.1-3.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"perl-NetSNMP-5.2.1-3.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64net-snmp5p-cpe:/a:mandriva:linux:lib64net-snmp5
mandrivalinuxlib64net-snmp5-develp-cpe:/a:mandriva:linux:lib64net-snmp5-devel
mandrivalinuxlib64net-snmp5-static-develp-cpe:/a:mandriva:linux:lib64net-snmp5-static-devel
mandrivalinuxlibnet-snmp5p-cpe:/a:mandriva:linux:libnet-snmp5
mandrivalinuxlibnet-snmp5-develp-cpe:/a:mandriva:linux:libnet-snmp5-devel
mandrivalinuxlibnet-snmp5-static-develp-cpe:/a:mandriva:linux:libnet-snmp5-static-devel
mandrivalinuxnet-snmpp-cpe:/a:mandriva:linux:net-snmp
mandrivalinuxnet-snmp-mibsp-cpe:/a:mandriva:linux:net-snmp-mibs
mandrivalinuxnet-snmp-trapdp-cpe:/a:mandriva:linux:net-snmp-trapd
mandrivalinuxnet-snmp-utilsp-cpe:/a:mandriva:linux:net-snmp-utils
Rows per page:
1-10 of 131

Related

nessus 15
securityvulns 5
redhat 3
centos 3
openvas 10
cve 4
gentoo 1
debiancve 3
freebsd 2
ubuntu 2
ubuntucve 3
debian 2
nessus
nessus
Fedora Core 3 : net-snmp-5.2.1.2-FC3.1 (2005-562)
2005-07-14 00:00:00
CentOS 4 : net-snmp (CESA-2005:395)
2013-06-29 00:00:00
CentOS 3 : net-snmp (CESA-2005:373)
2006-07-03 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2006:025 ] - Updated net-snmp packages fix vulnerabilities
2006-01-27 00:00:00
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
2006-11-14 00:00:00
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
2006-11-14 00:00:00
redhat
redhat
(RHSA-2005:395) net-snmp security update
2005-10-05 00:00:00
(RHSA-2005:373) net-snmp security update
2005-09-28 00:00:00
(RHSA-2005:720) ucd-snmp security update
2005-08-09 00:00:00
centos
centos
net security update
2005-10-05 16:15:27
net security update
2005-09-28 16:11:45
ucd security update
2005-08-09 23:01:15
openvas
openvas
Gentoo Security Advisory GLSA 200505-18 (net-snmp)
2008-09-24 00:00:00
FreeBSD Ports: net-snmp
2008-09-04 00:00:00
FreeBSD Ports: net-snmp
2008-09-04 00:00:00
cve
cve
CVE-2005-1740
2005-05-24 04:00:00
CVE-2005-2177
2005-07-11 04:00:00
CVE-2006-5941
2006-11-24 17:07:00
gentoo
gentoo
Net-SNMP: fixproc insecure temporary file creation
2005-05-23 00:00:00
debiancve
debiancve
CVE-2005-1740
2005-05-24 04:00:00
CVE-2005-2177
2005-07-11 04:00:00
CVE-2005-4837
2005-12-31 05:00:00
freebsd
freebsd
net-snmp -- fixproc insecure temporary file creation
2005-05-23 00:00:00
net-snmp -- remote DoS vulnerability
2005-07-02 00:00:00
ubuntu
ubuntu
ucs-snmp vulnerability
2005-11-21 00:00:00
SNMP vulnerability
2005-09-30 00:00:00
ubuntucve
ubuntucve
CVE-2005-1740
2005-05-24 00:00:00
CVE-2005-2177
2005-07-11 00:00:00
CVE-2005-4837
2005-12-31 00:00:00
debian
debian
[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service
2005-10-26 18:11:20
[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service
2005-10-26 18:11:20
JSON
Related for MANDRAKE_MDKSA-2006-025.NASL
nessus15securityvulns5redhat3centos3openvas10cve4gentoo1debiancve3freebsd2ubuntu2ubuntucve3debian2