CVE-2014-0243 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
check_mk_project	check_mk	𝑥 ≤ 1.2.5
check_mk_project	check_mk	1.2.5:i2p1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

check-mk

bionic	not-affected
artful	ignored
zesty	ignored
yakkety	ignored
xenial	not-affected
wily	ignored
vivid	ignored
utopic	ignored
trusty	dne
saucy	ignored
precise	ignored
lucid	dne

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c

http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html

http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html

http://seclists.org/fulldisclosure/2014/May/145

http://www.openwall.com/lists/oss-security/2014/05/28/1

http://www.securityfocus.com/bid/67674

https://bugzilla.redhat.com/show_bug.cgi?id=1101669

https://secuniaresearch.flexerasoftware.com/advisories/58536

https://www.securityfocus.com/archive/1/532224/100/0/threaded

http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=0426323df1641596c4f01ef5a716a3b65276f01c

http://git.mathias-kettner.de/git/?p=check_mk.git%3Ba=commit%3Bh=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134160.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134166.html

http://packetstormsecurity.com/files/126857/Check_MK-Arbitrary-File-Disclosure.html

http://seclists.org/fulldisclosure/2014/May/145

http://www.openwall.com/lists/oss-security/2014/05/28/1

http://www.securityfocus.com/bid/67674

https://bugzilla.redhat.com/show_bug.cgi?id=1101669

https://secuniaresearch.flexerasoftware.com/advisories/58536

https://www.securityfocus.com/archive/1/532224/100/0/threaded