CVE-2014-8994

2014-11-2815:00:00

mitre

www.cve.org

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status--).

References

seclists.org/oss-sec/2014/q4/679

seclists.org/oss-sec/2014/q4/701

www.securityfocus.com/bid/71208

exchange.xforce.ibmcloud.com/vulnerabilities/98849