Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3457

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-3457
Last Modified 04 Apr 2013 11:12:05
Published 11 Aug 2012 08:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-3457

Summary

PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.

Vulnerable Systems

Application

  • Pnp4nagios 0.6.0

  • Pnp4nagios 0.6.1

  • Pnp4nagios 0.6.10

  • Pnp4nagios 0.6.11

  • Pnp4nagios 0.6.12

  • Pnp4nagios 0.6.13

  • Pnp4nagios 0.6.14

  • Pnp4nagios 0.6.15

  • Pnp4nagios 0.6.16

  • Pnp4nagios 0.6.2

  • Pnp4nagios 0.6.3

  • Pnp4nagios 0.6.4

  • Pnp4nagios 0.6.5

  • Pnp4nagios 0.6.6

  • Pnp4nagios 0.6.7


References

BID - 54863

MLIST - [oss-security] 20120806 Re: CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable

MLIST - [oss-security] 20120806 CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879

FEDORA - FEDORA-2012-13215

FEDORA - FEDORA-2012-13244


Last Updated: 27 May 2016 10:51:39