Found during an audit of openstack and all its dependencies.
#define IPXPING_COMMAND "/tmp/ipxping/ipxping"
The IPXPING_COMMAND is used to build command line that is executed
later on using execv. As this is a predictable location in a public area
a local attacker may place their own file in that location or symlink to
another command. AFAICT little or no checks are made about the file
permissions or ownership.
Confirmed in latest upstream nagios-plugins-1.4.16-80-g08f5
This issue has been reported upstream: http://tracker.nagios.org/view.php?id=451
Created nagios-plugins tracking bugs for this issue:
Affects: fedora-all [bug 994781]
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.