Mandrake Linux Security Advisory : net-snmp (MDKSA-2006:025)
Critical Nessus Plugin ID 20819
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).
A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177).
The updated packages have been patched to correct these problems.
SolutionUpdate the affected packages.