Net-SNMP Fixproc Insecure Temporary File Creation Vulnerability

Bugtraq ID: 13715
Class: Design Error
CVE: CVE-2005-1740
Remote: No
Local: Yes
Published: May 23 2005 12:00AM
Updated: Aug 17 2011 01:30PM
Credit: eromang <eromang@zataz.net> is credited with the discovery of this issue.
Vulnerable: Sun Solaris 10_x86
Sun Solaris 10_sparc
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Net-SNMP Net-SNMP 5.2.1
Net-SNMP Net-SNMP 5.2
Net-SNMP Net-SNMP 5.1.2
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
 + Ubuntu Ubuntu Linux 5.0 4 i386
 + Ubuntu Ubuntu Linux 5.0 4 amd64
 Net-SNMP Net-SNMP 5.1.1
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Net-SNMP Net-SNMP 5.1
Net-SNMP Net-SNMP 5.0.9
Net-SNMP Net-SNMP 5.0.8
Net-SNMP Net-SNMP 5.0.7
+ Conectiva Linux 9.0
Net-SNMP Net-SNMP 5.0.6
Net-SNMP Net-SNMP 5.0.5
Net-SNMP Net-SNMP 5.0.4 .pre2
+ RedHat Linux 9.0 i386
 + RedHat Linux 8.0 i386
 Net-SNMP Net-SNMP 5.0.3
Net-SNMP Net-SNMP 5.0.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Apache Software Foundation Apache 1.3.33
+ Apple Mac OS X 10.3.6
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X Server 10.3.6
+ Apple Mac OS X Server 10.2.8
+ Debian Linux 3.1 sparc
 + Debian Linux 3.1 s/390
 + Debian Linux 3.1 ppc
 + Debian Linux 3.1 mipsel
 + Debian Linux 3.1 mips
 + Debian Linux 3.1 m68k
 + Debian Linux 3.1 ia-64
 + Debian Linux 3.1 ia-32
 + Debian Linux 3.1 hppa
 + Debian Linux 3.1 arm
 + Debian Linux 3.1 amd64
 + Debian Linux 3.1 alpha
 + Debian Linux 3.1
Apache Software Foundation Apache 1.3.32
+ Gentoo Linux 1.4
+ Gentoo Linux
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current
 Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ MandrakeSoft Linux Mandrake 10.0 AMD64
 + MandrakeSoft Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
 + MandrakeSoft Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
 + OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
 + HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
 + MandrakeSoft Linux Mandrake 9.1 ppc
 + MandrakeSoft Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
 + OpenPKG OpenPKG Current
 + RedHat Enterprise Linux AS 2.1 IA64
 + RedHat Enterprise Linux AS 2.1
 + RedHat Enterprise Linux ES 2.1 IA64
 + RedHat Enterprise Linux ES 2.1
 + RedHat Enterprise Linux WS 2.1 IA64
 + RedHat Enterprise Linux WS 2.1
 + RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
- Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
 - Microsoft Windows 2000 Datacenter Server SP2
 - Microsoft Windows 2000 Datacenter Server SP1
 - Microsoft Windows 2000 Datacenter Server SP1
 - Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Enterprise Server 4.0 SP2
 - Microsoft Windows NT Enterprise Server 4.0 SP2
 - Microsoft Windows NT Enterprise Server 4.0 SP1
 - Microsoft Windows NT Enterprise Server 4.0 SP1
 - Microsoft Windows NT Enterprise Server 4.0
 - Microsoft Windows NT Enterprise Server 4.0
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP2
 - Microsoft Windows NT Server 4.0 SP2
 - Microsoft Windows NT Server 4.0 SP1
 - Microsoft Windows NT Server 4.0 SP1
 - Microsoft Windows NT Server 4.0
 - Microsoft Windows NT Server 4.0
 - Microsoft Windows NT Terminal Server 4.0 SP6a
 - Microsoft Windows NT Terminal Server 4.0 SP6
 - Microsoft Windows NT Terminal Server 4.0 SP6
 - Microsoft Windows NT Terminal Server 4.0 SP5
 - Microsoft Windows NT Terminal Server 4.0 SP5
 - Microsoft Windows NT Terminal Server 4.0 SP4
 - Microsoft Windows NT Terminal Server 4.0 SP4
 - Microsoft Windows NT Terminal Server 4.0 SP3
 - Microsoft Windows NT Terminal Server 4.0 SP3
 - Microsoft Windows NT Terminal Server 4.0 SP2
 - Microsoft Windows NT Terminal Server 4.0 SP2
 - Microsoft Windows NT Terminal Server 4.0 SP1
 - Microsoft Windows NT Terminal Server 4.0 SP1
 - Microsoft Windows NT Terminal Server 4.0 alpha
 - Microsoft Windows NT Terminal Server 4.0
 - Microsoft Windows NT Terminal Server 4.0
 - Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ MandrakeSoft Linux Mandrake 8.2 ppc
 + MandrakeSoft Linux Mandrake 8.2
+ RedHat Linux 7.3 i386
 + RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
 + S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
 + MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
 + MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
 + RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + RedHat Linux 6.2 alpha
 Apache Software Foundation Apache 1.3.20
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 Apache Software Foundation Apache 1.3.19
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.1
+ Apache Software Foundation Apache 1.1
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
 + MandrakeSoft Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
Apache Software Foundation Apache 1.3.7 -dev
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
 + RedHat Linux 5.2 i386
 + RedHat Linux 5.2 alpha
 Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus