CVE-2014-8994

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
check_diskio_projectcheck_diskio
𝑥
≤ 3.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q4/679
http://seclists.org/oss-sec/2014/q4/701
http://www.securityfocus.com/bid/71208
https://exchange.xforce.ibmcloud.com/vulnerabilities/98849
http://seclists.org/oss-sec/2014/q4/679
http://seclists.org/oss-sec/2014/q4/701
http://www.securityfocus.com/bid/71208
https://exchange.xforce.ibmcloud.com/vulnerabilities/98849