Lucene search

GoogleOSV:DSA-1013-1

HistoryMar 22, 2006 - 12:00 a.m.

snmptrapfmt - insecure temporary file

2006-03-2200:00:00

Google

osv.dev

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

JSON

Will Aoki discovered that snmptrapfmt, a configurable snmp trap
handler daemon for snmpd, does not prevent overwriting existing files
when writing to a temporary log file.

For the old stable distribution (woody) this problem has been fixed in
version 1.03woody1.

For the stable distribution (sarge) this problem has been fixed in
version 1.08sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.10-1.

We recommend that you upgrade your snmptrapfmt package.

CPENameOperatorVersion
snmptrapfmteq1.08

CPE	Name	Operator	Version
	snmptrapfmt	eq	1.08

References

www.debian.org/security/2006/dsa-1013

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

JSON

Related for OSV:DSA-1013-1