Package: libsnmp-base
Version: 5.2.3-1
Severity: critical
Justification: may lead to DoS

I just noticed that somehow the file /usr/share/snmp/mibs/.index had been created, probably due to the hplip package using SNMP. Apart from the fact that creating a file dynamically in /usr probably violates the FHS, the permissions of the file pose a security threat:

-rw-rw-rw- 1 root root 2148 Sep 20 17:50 /usr/share/snmp/mibs/.index

Any user may fill this file with arbitrary data and thus get the partition this directory resides on completely filled. Furthermore, it may introduce other security risks if the contents of this file are evaluated; but I don't know anything about the internals of libsnmp and thus cannot say whether this really poses a problem.

Regards,
Michael
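
A local check for the condition reported above, as an added example that is not part of the original report or of the net-snmp packaging: it lists regular files with the "other" write bit set under the MIB directory and can clear that bit. The function names and the demo files are hypothetical; `stat -c` assumes GNU coreutils, as on Debian.

```shell
#!/bin/sh
# Added example (not from the report): audit a directory tree for
# world-writable regular files such as /usr/share/snmp/mibs/.index.

find_world_writable() {
    # $1: directory to scan (defaults to the path named in the report).
    # Prints "mode owner size path" for every regular file writable by "other".
    dir=${1:-/usr/share/snmp/mibs}
    [ -d "$dir" ] || return 2
    # -xdev stays on one filesystem; -perm -0002 matches the o+w bit.
    find "$dir" -xdev -type f -perm -0002 -exec stat -c '%a %U %s %n' {} +
}

count_world_writable() {
    # Number of hits, for use in monitoring checks.
    find_world_writable "$1" | wc -l | tr -d ' '
}

fix_world_writable() {
    # Local mitigation only: clear o+w on the hits. This does not stop the
    # creating process from writing the file with the same mode again.
    dir=${1:-/usr/share/snmp/mibs}
    [ -d "$dir" ] || return 2
    find "$dir" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

demo() {
    # Constructed sample tree: one file with the mode from the report (0666)
    # and one with an ordinary mode (0644).
    tmp=$(mktemp -d) || return 1
    : > "$tmp/.index";          chmod 0666 "$tmp/.index"
    : > "$tmp/EXAMPLE-MIB.txt"; chmod 0644 "$tmp/EXAMPLE-MIB.txt"
    echo "before:"; find_world_writable "$tmp"
    fix_world_writable "$tmp"
    echo "remaining after fix: $(count_world_writable "$tmp")"
    rm -rf "$tmp"
}

demo
```

Run `find_world_writable` with no argument on an affected system to inspect the real MIB directory; it changes nothing on disk.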