Executive Summary

Title Sun Alert 248646 Insecure Temporary File Usage Vulnerability in Sun SNMP Management Agent
Name SUN-248646 First vendor Publication 2008-12-24
Vendor Sun Last vendor Modification 2008-12-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Sun SNMP Management Agent

An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges.

Sun Acknowledges with thanks Matthew Flanagan of Singtel Optus Pty Ltd for for bringing this issue to our attention.

State: Resolved
First released: 24-Dec-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_248646_insecure_temporary

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
50987 Sun SNMP Management Agent Unspecified Temporary File Symlink Arbitrary File O...

Sun SNMP Management Agent contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the agent creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-02-06 19:08:23
  • Multiple Updates