Your submission was sent successfully! Close

CVE-2013-2029

Published: 23 November 2013

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

Notes

AuthorNote
seth-arnold
unsafe code in RPM-based scripts
Priority

Medium

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

upstream Not vulnerable

nagios2
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

upstream Not vulnerable

nagios3
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

upstream Not vulnerable