CVE-2013-2029 — Link Following in Redhat Openstack

CWE-59 — Link Following CWE-377 — Insecure Temporary File5 documents5 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 91.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack

Timeline

PublishedNov 23

Latest updateMay 17

Description

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

CVSS vector

AV:L/AC:M/C:N/I:C/A:CExploitability: 3.4 | Impact: 9.2

Affected Packages1 packages

▶NVDredhat/openstack3.0

🔴Vulnerability Details

GHSA

GHSA-8727-34w8-v299: nagios↗2022-05-17

▶

CVEList

CVE-2013-2029: nagios↗2013-11-23

▶

📋Vendor Advisories

Red Hat

core: Insecure temporary file usage in nagios.upgrade_to_v3.sh↗2013-04-30

▶

💬Community

Bugzilla

CVE-2013-2029 Nagios core: Insecure temporary file usage in nagios.upgrade_to_v3.sh↗2013-04-30

▶