oss-sec mailing list archives

CVE request for check_diskio nagios/icinga plugin


From: Pierre Schweitzer <pierre () reactos org>
Date: Wed, 19 Nov 2014 08:35:44 +0100


Dear all,

The check_diskio plugin for nagios/icinga from Matteo Corti
(https://svn.id.ethz.ch/nagios_plugins/check_diskio/) is subject to a
/tmp symlink race attack in its latest version (and versions before as
well).

This plugin is used to monitor the I/Os on devices on Linux systems. To
be able to make a diff between two calls, it keeps the latest readings
in a fixed-pattern file name: /tmp/check_diskio_status-$user-$device

It does not check for the file being a symlink (à la PEAR) or whatever
when opening it.

Could a CVE be assigned to this?
The author has been contacted. I'll let him know the ID.

Cheers,
-- 
Pierre Schweitzer <pierre () reactos org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
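
The mitigation the report implies, as an added example that is not the plugin's own code: open the fixed-name state file with O_NOFOLLOW so a symlink sitting at that /tmp path is refused, then validate the descriptor rather than the path. It assumes Linux and Python 3; the directory, file names and contents below are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile


def open_state_file(path):
    """Open or create a per-user state file without following symlinks.

    O_NOFOLLOW makes the open fail (ELOOP) when `path` is a symlink, so a
    link left at the predictable /tmp name is never followed. The checks
    afterwards run on the descriptor, which cannot be swapped underneath us.
    """
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError("state file is not a regular file")
        if st.st_uid != os.getuid():
            raise OSError("state file is owned by another user")
        if st.st_nlink != 1:
            raise OSError("state file has unexpected hard links")
    except OSError:
        os.close(fd)
        raise
    return fd


def demo():
    """Constructed scenario: one genuine state file, one symlink at the
    same naming pattern pointing at an unrelated file. Returns what the
    hardened opener did in each case and whether the other file survived."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "check_diskio_status-nagios-sda")
    other = os.path.join(d, "unrelated_file")
    link = os.path.join(d, "check_diskio_status-nagios-sdb")
    with open(other, "w") as f:
        f.write("original contents\n")
    os.symlink(other, link)
    results = {}
    fd = open_state_file(good)          # regular file: fine
    os.write(fd, b"1024 2048\n")        # pretend these are I/O counters
    os.close(fd)
    results["regular"] = "opened"
    try:
        open_state_file(link)           # symlink: must be refused
        results["symlink"] = "opened"
    except OSError:
        results["symlink"] = "refused"
    with open(other) as f:
        results["other_intact"] = f.read() == "original contents\n"
    shutil.rmtree(d)
    return results
```

A plain open() at the same path would have followed the link and written the counters into the other file; keeping the state under a directory only the monitoring user can write to removes the shared-/tmp exposure entirely.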