////////////////// ucd-snmp file overwrite vulnerabillity ///////////////////
///////////////////////// <priest@priestmaster.org> /////////////////////////
///////////////////////// http://www.pirestmaster.org ///////////////////////

Affected file: /usr/local/bin/snmpd
Version      : ucd-snmp <= 4.2.6
Error class  : file overwrite

It's possible to overwrite a file with the -P and the -l parameter, if
ucd-snmp is installed setuid-root. Example:

# /usr/local/bin/snmpd -P /etc/passwd
# /usr/local/bin/snmpd -l /etc/passwd

The -l parameter overwrite the file with logging data from snmpd.

Solution:

Check the uid at the start of execution. If user-id isn't equal to 0, do
not create any files. Another way is, stat the file. If file exist, exit
with an error message.

Happy hacking,

priestmaster