Debian Security Advisory
DSA-1013-1 snmptrapfmt -- insecure temporary file
- Date Reported:
- 22 Mar 2006
- Affected Packages:
- snmptrapfmt
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2006-0050.
- More information:
Will Aoki discovered that snmptrapfmt, a configurable SNMP trap handler daemon for snmpd, does not prevent overwriting existing files when writing to a temporary log file.
For the old stable distribution (woody) this problem has been fixed in version 1.03woody1.
For the stable distribution (sarge) this problem has been fixed in version 1.08sarge1.
For the unstable distribution (sid) this problem has been fixed in version 1.10-1.
We recommend that you upgrade your snmptrapfmt package.
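The class of bug described above, as an added illustration (this is not snmptrapfmt's code, which the advisory does not show): a log open that truncates whatever already exists at a fixed path, beside one that uses O_EXCL to refuse. The function names, the /tmp/dsa1013-demo-XXXXXX directory and the trap.log file name are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed name, O_TRUNC, no O_EXCL. Whatever already exists
 * at `path` is opened and emptied instead of being left alone. */
int open_log_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_CREAT|O_EXCL creates the file atomically and fails
 * with EEXIST if anything (a symlink included) is already at `path`. */
int open_log_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Size in bytes of the file at `path`, or -1 if it cannot be stat'ed. */
long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario: an 8-byte file already sits where the log will go.
 * Writes its path to `out`; returns 0 on success, -1 on failure. */
int make_existing(char *out, size_t n) {
    char dir[] = "/tmp/dsa1013-demo-XXXXXX";   /* hypothetical demo dir */
    if (!mkdtemp(dir)) return -1;
    snprintf(out, n, "%s/trap.log", dir);
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, "keep me\n", 8);
    close(fd);
    return w == 8 ? 0 : -1;
}

int main(void) {
    char p[128];
    if (make_existing(p, sizeof p) != 0) return 1;
    int fd = open_log_excl(p);   /* refused, existing data untouched */
    int e = errno;
    printf("O_EXCL:  fd=%d (%s) size=%ld\n", fd, strerror(e), file_size(p));
    fd = open_log_weak(p);       /* succeeds, existing data is gone */
    printf("O_TRUNC: fd=%d size=%ld\n", fd, file_size(p));
    return 0;
}
```

For scratch files whose name does not need to be fixed, mkstemp() gives the same exclusive creation with an unpredictable name.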
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1.dsc
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1.dsc
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.