Found during an audit of openstack and all its dependencies. Error: nagios-plugins-1.4.16-6.el6ost/nagios-plugins-1.4.16/contrib/check_ipxping.c #define IPXPING_COMMAND "/tmp/ipxping/ipxping" The IPXPING_COMMAND is used to build command line that is executed later on using execv. As this is a predictable location in a public area a local attacker may place their own file in that location or symlink to another command. AFAICT little or no checks are made about the file permissions or ownership.
Confirmed in latest upstream nagios-plugins-1.4.16-80-g08f5
This issue has been reported upstream: http://tracker.nagios.org/view.php?id=451
Created nagios-plugins tracking bugs for this issue: Affects: fedora-all [bug 994781]
Acknowledgements: This issue was discovered by Grant Murphy of the Red Hat Product Security Team.