CVE-2013-4214
Published: 23 November 2013
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
Notes
Author | Note |
---|---|
mdeslaur | in html/rss-newsfeed.php and html/rss-corefeed.php removed completely by 80_dont_call_home.patch patch in trusty tmp file isn't actually used, as MAGPIE_CACHE_ON is set to 0 ignoring. |
Priority
Status
Package | Release | Status |
---|---|---|
nagios3 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.5.1-1)
|
lucid |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
quantal |
Ignored
|
|
raring |
Ignored
|
|
saucy |
Ignored
|
|
This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. |