Vulnerability Name: | CVE-2013-4215 (CCN-86321) | ||||||||
Assigned: | 2013-08-07 | ||||||||
Published: | 2013-08-07 | ||||||||
Updated: | 2014-05-06 | ||||||||
Summary: | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | ||||||||
CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:U/RC:C)
| ||||||||
Vulnerability Type: | CWE-59 | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-4215 Source: OSVDB Type: UNKNOWN 96085 Source: CCN Type: oss-sec Mailing List, Wed, 07 Aug 2013 19:47:08 -0600 Some Nagios /tmp vulns (no reply from upstream) Source: MLIST Type: UNKNOWN [oss-security] 20130807 Some Nagios /tmp vulns (no reply from upstream) Source: MISC Type: UNKNOWN http://tracker.nagios.org/view.php?id=451 Source: CCN Type: BID-61748 Nagios Plugins CVE-2013-4215 Insecure Temporary File Creation Vulnerability Source: CCN Type: Red Hat Bugzilla Bug 957482 CVE-2013-4215 Nagios plugins: IPXPING_COMMAND uses fixed location in /tmp Source: MISC Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=957482 Source: XF Type: UNKNOWN nagios-cve20134215-symlink(86321) | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |