Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-4703

Published: 5 December 2014

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.

Notes

AuthorNote
seth-arnold
Ubuntu wasn't affected by CVE-2014-4701; further, Ubuntu's default
kernels include Yama-based symlink and hardlink restrictions making the race
much less useful. Marked not-affected because we haven't yet applied fix for
CVE-2014-4701.

Priority

Negligible

Status

Package Release Status
nagios-plugins
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise Not vulnerable

saucy Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.