Red Hat Bugzilla – Bug 958002
CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
Last modified: 2015-12-05 15:30:26 EST
+++ This bug was initially created as a clone of Bug #957481 +++
Some potential issues discovered whilst auditing openstack & dependencies for tempfile vulnerabilities.
Magpie RSS cache dir is set to a fixed location in /tmp. The cached RSS
content is then used to build html content that could be served to
an end user.
This has been reported upstream: http://tracker.nagios.org/view.php?id=450
Created nagios tracking bugs for this issue:
Affects: fedora-all [bug 994779]
Affects: epel-6 [bug 994780]
This is not fixed by nagios 3.5.1.
Defining MAGPIE_CACHE_ON to 1 is required in order for MAGPIE_CACHE_DIR to be used.
rss_newsfeed.php disables the cache, so this directory is not used without editing the PHP code (note: *not* a configuration file).
As it is unused without editing the rss-newsfeed.php file, I will simply comment the line out *and* replace it with a usage comment.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue has been addressed in following products:
OpenStack 3 for RHEL 6
Via RHSA-2013:1526 https://rhn.redhat.com/errata/RHSA-2013-1526.html
nagios-4.0.8-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.