CVE-2013-2029

EUVD-2013-2016
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
redhatopenstack
3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
icinga
hardy
dne
lucid
dne
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
nagios2
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
nagios3
hardy
dne
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2013-1526.html
https://bugzilla.redhat.com/show_bug.cgi?id=958015
http://rhn.redhat.com/errata/RHSA-2013-1526.html
https://bugzilla.redhat.com/show_bug.cgi?id=958015