Bug 957482 (CVE-2013-4215) - CVE-2013-4215 Nagios plugins: IPXPING_COMMAND uses fixed location in /tmp
Summary: CVE-2013-4215 Nagios plugins: IPXPING_COMMAND uses fixed location in /tmp
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-4215
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: All
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 994767 994769 994781
Blocks: 958515
TreeView+ depends on / blocked
 
Reported: 2013-04-28 11:37 UTC by Grant Murphy
Modified: 2023-05-12 22:19 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-07 02:18:07 UTC
Embargoed:


Attachments (Terms of Use)

Description Grant Murphy 2013-04-28 11:37:42 UTC
Found during an audit of openstack and all its dependencies.


Error: nagios-plugins-1.4.16-6.el6ost/nagios-plugins-1.4.16/contrib/check_ipxping.c

    #define IPXPING_COMMAND "/tmp/ipxping/ipxping"

    The IPXPING_COMMAND is used to build command line that is executed 
    later on using execv. As this is a predictable location in a public area
    a local attacker may place their own file in that location or symlink to   
    another command. AFAICT little or no checks are made about the file 
    permissions or ownership.

Comment 2 Kurt Seifried 2013-04-30 05:36:43 UTC
Confirmed in latest upstream nagios-plugins-1.4.16-80-g08f5

Comment 3 Kurt Seifried 2013-04-30 19:22:29 UTC
This issue has been reported upstream: http://tracker.nagios.org/view.php?id=451

Comment 4 Kurt Seifried 2013-08-08 01:49:37 UTC
Created nagios-plugins tracking bugs for this issue:

Affects: fedora-all [bug 994781]

Comment 7 Martin Prpič 2013-11-14 17:03:21 UTC
Acknowledgements:

This issue was discovered by Grant Murphy of the Red Hat Product Security Team.


Note You need to log in before you can comment on or make changes to this bug.