Sun SNMP Management Agent Insecure Temporary File Creation Vulnerability

Sun SNMP Management Agent creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in privilege escalation or cause a denial-of-service condition. Other attacks may also be possible.

SNMP Management Agent 'SUNWmasf' 1.4u2 up to and including 1.5.4 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus