CVE-2013-4214

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
nagiosnagios
𝑥
≤ 3.5.1
nagiosnagios
3.4.4
redhatopenstack
3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios3
lucid
not-affected
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
nagios
Amazon Linux 1
0:3.5.1-2.10.amzn1
fixed
nagios-common
Amazon Linux 1
0:3.5.1-2.10.amzn1
fixed
nagios-debuginfo
Amazon Linux 1
0:3.5.1-2.10.amzn1
fixed
nagios-devel
Amazon Linux 1
0:3.5.1-2.10.amzn1
fixed