(RHSA-2013:1526) Moderate: nagios security update

2013-11-1800:00:00

access.redhat.com

6.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

0.001 Low

EPSS

Percentile

23.5%

JSON

Nagios is a program that can monitor hosts and services on your network. It
can send email or page alerts when problems arise and when problems are
resolved.

Multiple insecure temporary file creation flaws were found in Nagios.
A local attacker could use these flaws to cause arbitrary files to be
overwritten as the root user via a symbolic link attack. (CVE-2013-2029,
CVE-2013-4214)

These issues were discovered by Grant Murphy of the Red Hat Product
Security Team.

All users of Nagios are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64nagios-common< 3.5.1-2.el6ostnagios-common-3.5.1-2.el6ost.x86_64.rpm
RedHat6x86_64nagios-devel< 3.5.1-2.el6ostnagios-devel-3.5.1-2.el6ost.x86_64.rpm
RedHat6srcnagios< 3.5.1-2.el6ostnagios-3.5.1-2.el6ost.src.rpm
RedHat6x86_64nagios-debuginfo< 3.5.1-2.el6ostnagios-debuginfo-3.5.1-2.el6ost.x86_64.rpm
RedHat6x86_64nagios< 3.5.1-2.el6ostnagios-3.5.1-2.el6ost.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	nagios-common	< 3.5.1-2.el6ost	nagios-common-3.5.1-2.el6ost.x86_64.rpm
RedHat	6	x86_64	nagios-devel	< 3.5.1-2.el6ost	nagios-devel-3.5.1-2.el6ost.x86_64.rpm
RedHat	6	src	nagios	< 3.5.1-2.el6ost	nagios-3.5.1-2.el6ost.src.rpm
RedHat	6	x86_64	nagios-debuginfo	< 3.5.1-2.el6ost	nagios-debuginfo-3.5.1-2.el6ost.x86_64.rpm
RedHat	6	x86_64	nagios	< 3.5.1-2.el6ost	nagios-3.5.1-2.el6ost.x86_64.rpm