Privilege Escalation Vulnerability in Nagios Plugins by Nagios
CVE-2013-4215

Currently unrated

Key Information:

Vendor: Nagios
Status: Plugins
Vendor: CVE Published:; 5 May 2014

What is CVE-2013-4215?

A local privilege escalation vulnerability exists in Nagios Plugins version 1.4.16 due to improper handling of symlinks in the IPXPING_COMMAND function located in contrib/check_ipxping.c. This flaw allows local users to exploit the system by creating a symlink to a file in the /tmp/ipxping/ directory, thereby gaining unauthorized privileges. This vulnerability underscores the importance of secure file handling and the need for proper validation in executing commands that interact with system files.

References

http://tracker.nagios.org/view.php?id=451

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=957482

x_refsource_MISC

http://seclists.org/oss-sec/2013/q3/310

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2014
Vulnerability Reserved
Jun 12, 2013