Описание
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
Отчет
The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in OpenStack 2.1 (Folsom). For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 2.1 | nagios | Will not fix | ||
| Red Hat OpenStack Platform 4 | nagios | Affected | ||
| OpenStack 3 for RHEL 6 | nagios | Fixed | RHSA-2013:1526 | 18.11.2013 |
Показывать по
Дополнительная информация
Статус:
4.6 Medium
CVSS2
Связанные уязвимости
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
4.6 Medium
CVSS2