From ${URL} :

Found during an audit of openstack and all its dependencies.

Error: nagios-plugins-1.4.16-6.el6ost/nagios-plugins-1.4.16/contrib/check_ipxping.c

#define IPXPING_COMMAND "/tmp/ipxping/ipxping"

The IPXPING_COMMAND is used to build a command line that is executed later on using execv. As this is a predictable location in a public area a local attacker may place their own file in that location or symlink to another command. AFAICT little or no checks are made about the file permissions or ownership.

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4215 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4215): The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
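An added example, not part of the original report and not nagios-plugins code: one way to vet a helper binary before executing it, covering the permission and ownership checks the report says are missing. The function names and the `owner` parameter are hypothetical; it assumes a POSIX system with openat() and fexecve(), and that the ancestors of `dir` are themselves trusted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if st is owned by `owner` and not writable by group or others. */
static int owner_only_writable(const struct stat *st, uid_t owner)
{
    return st->st_uid == owner && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/*
 * Hypothetical helper: open `name` inside `dir` for execution, or return -1.
 * Directory and file must belong to `owner`, be writable by nobody else,
 * and neither may be a symlink.
 */
int open_trusted_helper(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int fd = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);

    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) == 0 && owner_only_writable(&st, owner))
        fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd < 0)
        return -1;
    /* fstat() on the open descriptor: no swap between check and exec. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        !owner_only_writable(&st, owner) || !(st.st_mode & S_IXUSR)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Execute the vetted descriptor (native binaries); returns only on failure. */
int exec_trusted_helper(const char *dir, const char *name, uid_t owner,
                        char *const argv[], char *const envp[])
{
    int fd = open_trusted_helper(dir, name, owner);
    if (fd < 0)
        return -1;
    fexecve(fd, argv, envp);
    close(fd);
    return -1;
}
```

With `owner` set to 0, a directory such as /tmp/ipxping created by an unprivileged user is rejected before anything is executed. Installing the helper under a root-owned path and compiling that path in avoids the problem altogether.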
I'm pretty sure this is INVALID for us. We don't even build the check_ipxping plugin; both 1.4.x ebuilds immediately delete the check_ipxping.c file:

    cd contrib/
    dodoc *README*

    # remove stuff that is way too broken to fix, or for which the USE
    # flag has been removed.
    rm -r tarballs aix \
        check_compaq_insight.pl *.c *README* \
        $(usex !jabber nagios_sendim.pl) \
        $(usex !smart check_smart.pl)
The 2.x series of nagios-plugins is now stable anyway, and the 1.4.x series is gone. So this is taken-care-of either way.
(In reply to Michael Orlitzky from comment #2)
> I'm pretty sure this is INVALID for us. We don't even build the
> check_ipxping plugin; both 1.4.x ebuilds immediately delete the
> check_ipxping.c file:
>

Thanks, this can indeed be closed INVALID