[v2.7] nagios-plugins: multiple fixes (CVE-2014-4701 CVE-2014-4702 CVE-2014-4703)
CVE-2014-4701/CVE-2014-4701:
Dawid Golunski discovered a flaw in the Nagios check_dhcp plugin that
allows “Malicious user that has local access to a system where
check_dhcp plugin is installed with SUID could exploit this
vulnerability to read any INI format config files owned by root and
potentially extract some sensitive information.”
Malicious user that has local access to a system where check_dhcp plugin is installed with SUID could exploit this vulnerability to read any INI format config files owned by root and potentially extract some sensitive information.
Affected:
————————————-
Systems with check_dhcp SUID binary installed as a part of Nagios
Plugins 2.0.1 or older are vulnerable.
Solution:
————————————-
Remove SETUID permission bit from the check_dhcp binary file if the
plugin is not used. Vendor has been informed about the vulnerability
prior to release of this advisory. Install a newer version of the plugin
when released by vendor.
Fixed in:
————————————-
Nagios Plugins 2.0.2
References:
————————————-
http://seclists.org/fulldisclosure/2014/May/74
http://seclists.org/oss-sec/2014/q2/709
http://nagios-plugins.org/nagios-plugins-2-0-2-released/
CVE-2014-4703:
check_dhcp plugin (part of the official Nagios Plugins package) contained a vulnerability that allowed a malicious attacker to read parts of INI config files belonging to root on a local system. It allowed an attacker to obtain sensitive information like passwords that should only be accessible by root user (see above).
The vulnerability was quickly patched by vendor in the release of nagios plugins version 2.0.2 however the security measures in the patch are not sufficient and the code is vulnerable to Race Condition attack. Race Condition makes it possible for an arbitrary user to read parts of a root-owned file despite the checks.
Affected:
————————————-
Nagios Plugins 2.0.2
Fixed in:
————————————-
Nagios Plugins 2.0.3
References:
————————————-
http://seclists.org/fulldisclosure/2014/Jun/141
http://seclists.org/oss-sec/2014/q2/709
http://nagios-plugins.org/nagios-plugins-2-0-3-released/
(from redmine: issue id 3133, created on 2014-07-02, closed on 2017-09-05)
- Relations:
- parent #3130