CVE-2014-4701

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
nagiosnagios
𝑥
≤ 2.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
monitoring-plugins
bullseye
2.3.1-1
fixed
bookworm
2.3.3-5+deb12u2
fixed
sid
2.4.0-1
fixed
trixie
2.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios-plugins
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://legalhackers.com/advisories/nagios-check_dhcp.txt
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins
http://seclists.org/fulldisclosure/2014/May/74
http://secunia.com/advisories/58751
http://secunia.com/advisories/61319
http://www.exploit-db.com/exploits/33387
http://www.openwall.com/lists/oss-security/2014/06/30/6
http://www.securityfocus.com/bid/67433
https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html
http://legalhackers.com/advisories/nagios-check_dhcp.txt
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins
http://seclists.org/fulldisclosure/2014/May/74
http://secunia.com/advisories/58751
http://secunia.com/advisories/61319
http://www.exploit-db.com/exploits/33387
http://www.openwall.com/lists/oss-security/2014/06/30/6
http://www.securityfocus.com/bid/67433
https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html