CVE-2014-4701

EUVD-2014-4620
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
nagiosnagios
𝑥
≤ 2.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
monitoring-plugins
bookworm
2.3.3-5+deb12u2
fixed
bullseye
2.3.1-1
fixed
sid
2.4.0-1
fixed
trixie
2.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios-plugins
artful
dne
bionic
dne
cosmic
dne
disco
dne
lucid
ignored
precise
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://legalhackers.com/advisories/nagios-check_dhcp.txt
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins
http://seclists.org/fulldisclosure/2014/May/74
http://secunia.com/advisories/58751
http://secunia.com/advisories/61319
http://www.exploit-db.com/exploits/33387
http://www.openwall.com/lists/oss-security/2014/06/30/6
http://www.securityfocus.com/bid/67433
https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html
http://legalhackers.com/advisories/nagios-check_dhcp.txt
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins
http://seclists.org/fulldisclosure/2014/May/74
http://secunia.com/advisories/58751
http://secunia.com/advisories/61319
http://www.exploit-db.com/exploits/33387
http://www.openwall.com/lists/oss-security/2014/06/30/6
http://www.securityfocus.com/bid/67433
https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html