CVE-2013-4214

Published: Nov 23, 2013Modified: Apr 29, 2026

6.3

Vector

AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability: 3.4 / Impact: 9.2

Source: NVD

Description

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

Affected (3)

Products: Nagios: Nagios · Redhat: Openstack

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios	Up to 3.5.1
Nagios Nagios	Version 3.4.4
Redhat Openstack	Version 3.0

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

http://rhn.redhat.com/errata/RHSA-2013-1526.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/61747

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=958002

Source: secalert@redhat.com

https://www.nagios.org/projects/nagios-core/history/4x/

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1526.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/61747

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=958002

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.nagios.org/projects/nagios-core/history/4x/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.