Bug 158771

Summary: CAN-2005-1740 ucd-snmp insecure temporary file usage
Product: Red Hat Enterprise Linux 2.1 Reporter: Josh Bressers <bressers>
Component: ucd-snmpAssignee: Phil Knirsch <pknirsch>
Status: CLOSED NOTABUG QA Contact: Brock Organ <borgan>
Severity: low Docs Contact:
Priority: medium    
Version: 2.1CC: rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050518,reported=20050525,source=cve
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-27 10:17:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-05-25 15:30:25 UTC 
+++ This bug was initially created as a clone of Bug #158769 +++

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely,
which allows local users to modify the contents of those files to execute
arbitrary commands, or overwrite arbitrary files via a symlink attack.

It looks like this issue also affects ucd-snmp
Comment 1 Phil Knirsch 2005-06-27 10:17:15 UTC 
I've just checked, we don't ship the perl subpackage in AS-2.1 and none of the
shipped packages contain the fixproc utility.

I'm therefore closing this bug as NOTABUG.

Read ya, Phil