Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4215

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2013-4215
Last Modified 06 May 2014 03:10:20
Published 05 May 2014 01:06:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4215

Summary

The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.

Vulnerable Systems

Application

  • Nagios Plugins 1.4.16


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=957482

MISC - http://tracker.nagios.org/view.php?id=451

MLIST - [oss-security] 20130807 Some Nagios /tmp vulns (no reply from upstream)

OSVDB - 96085


Last Updated: 27 May 2016 11:05:10