Veracode Vulnerability Database: VERACODE:15302
History: May 02, 2019 - 4:58 a.m.

Symlink Attack

2019-05-02 04:58:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

CVSS2: 6.3 Medium

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

Nagios is a program that can monitor hosts and services on your network. It can send email or page alerts when problems arise and when problems are resolved. Multiple insecure temporary file creation flaws were found in Nagios. A local attacker could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2029, CVE-2013-4214) These issues were discovered by Grant Murphy of the Red Hat Product Security Team. All users of Nagios are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
