FreeBSD : net-snmp -- fixproc insecure temporary file creation (3e0072d4-d05b-11d9-9aed-000e0c2e438a)
Critical Nessus Plugin ID 18909
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA Gentoo advisory reports :
Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code.
A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.
SolutionUpdate the affected package.