oss-sec mailing list archives
Re: CVE request for check_diskio nagios/icinga plugin
From: cve-assign () mitre org
Date: Thu, 20 Nov 2014 01:58:24 -0500 (EST)
The check_diskio plugin for nagios/icinga from Matteo Corti (https://svn.id.ethz.ch/nagios_plugins/check_diskio/) is subject to a /tmp symlink race attack in its latest version (and versions before as well). This plugin is used to monitor the I/Os on a device on Linux systems. To be able to make a diff between two calls, it keeps the latest readings in a fixed pattern file name:

/tmp/check_diskio_status-$user-$device

It does not check for the file being a symlink
Use CVE-2014-8994.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
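The state-file pattern described in the quoted report, next to a hardened writer, as an added example that is not part of the original message and is not the plugin's own code. The function names, the `nagios`/`sda` file name and the file contents are constructed for illustration, and a private temporary directory stands in for /tmp.

```python
import errno
import os
import stat
import tempfile


def write_state_unsafe(path, data):
    # Pattern from the report: open a predictable name and write to it.
    # open() follows symlinks, so the write lands on the link target.
    with open(path, "w") as fh:
        fh.write(data)


def write_state_safe(path, data):
    # O_NOFOLLOW: open() fails with ELOOP if the last path component is a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)
        # Accept only our own, singly linked regular file (rejects hard links
        # and files pre-created by another user). Truncate only after the check.
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise OSError(errno.EPERM, "unexpected state file", path)
        os.ftruncate(fd, 0)
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo():
    # Constructed scenario: a symlink already sits at the predictable name.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.conf")
        state = os.path.join(tmp, "check_diskio_status-nagios-sda")
        for name, writer in (("unsafe", write_state_unsafe), ("safe", write_state_safe)):
            with open(victim, "w") as fh:
                fh.write("original")
            if os.path.lexists(state):
                os.unlink(state)
            os.symlink(victim, state)
            try:
                writer(state, "reads=1 writes=2")
                outcome = "written"
            except OSError as exc:
                outcome = errno.errorcode.get(exc.errno, "error")
            with open(victim) as fh:
                results[name] = (outcome, fh.read())
    return results
```

Keeping the state file in a directory that only the monitoring user can write to removes the predictable shared path altogether; the open-time checks above are the fallback when a shared directory cannot be avoided.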
Current thread:
- CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer (Nov 18)
- Re: CVE request for check_diskio nagios/icinga plugin cve-assign (Nov 19)
- Re: CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer (Dec 01)