Timeline :

Vulnerability discovered by Eric Romang the 2005-05-07
Vendor notified the 2005-05-17
Vulnerability disclosure the 2005-05-23

Reference(s) :

CVE-2005-1740
OSVDB-16778
GLSA 200506-08

Affected version(s) :

net-snmp before or equal to 5.2.1

Description :

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.