CVE-2014-4703
Published: 5 December 2014
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Notes
Author | Note |
---|---|
seth-arnold | Ubuntu wasn't affected by CVE-2014-4701; further, Ubuntu's default kernels include Yama-based symlink and hardlink restrictions making the race much less useful. Marked not-affected because we haven't yet applied fix for CVE-2014-4701. |
Priority
Status
Package | Release | Status |
---|---|---|
nagios-plugins Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. |