Similar to the CVE-2014-4701 issue in the check_dhcp plug-in, the same flaw was found to affect check_icmp. A local attacker could obtain sensitive information by using this flaw to read parts of INI configuration files that belong to the root user. This issue was fixed in version 2.0.2: http://nagios-plugins.org/nagios-plugins-2-0-2-released/ References: http://seclists.org/fulldisclosure/2014/May/74 https://bugzilla.redhat.com/show_bug.cgi?id=1098531 http://seclists.org/oss-sec/2014/q2/709
Created nagios-plugins tracking bugs for this issue: Affects: fedora-all [bug 1098548] Affects: epel-all [bug 1098549]
Statement: This issue did not affect the versions of nagios-plugins as shipped with Red Hat Enterprise Linux OpenStack Platform.
nagios-plugins-2.0.3-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.0.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.0.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.0.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
nagios-plugins-2.0.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.