CVE-2013-2029

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
redhatopenstack
3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
icinga
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
dne
hardy
dne
nagios2
raring
dne
quantal
dne
precise
dne
oneiric
dne
lucid
dne
hardy
ignored
nagios3
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2013-1526.html
https://bugzilla.redhat.com/show_bug.cgi?id=958015
http://rhn.redhat.com/errata/RHSA-2013-1526.html
https://bugzilla.redhat.com/show_bug.cgi?id=958015