CVE-2013-4215
Published 2014-05-05

CVE-2013-4215: The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
Priority P418 · medium · CVSS 2.0: 4.4
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.33% (25.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | monitoring-plugins | — | — |
| nagios | plugins | — | — |
CVSS provenance
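| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 4.4 | LOW | — |
| vendor_redhat | — | 4.4 | MEDIUM | — |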
Red Hat
plugins: IPXPING_COMMAND uses fixed location in /tmp
vendor_redhat·2013-08-07·CVSS 4.4
Package: nagios-plugins (Red Hat OpenStack Platform 3) - Not affected
Package: nagios-plugins (Red Hat OpenStack Platform 4) - Not affected
Debian
CVE-2013-4215: monitoring-plugins - The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows l...
vendor_debian·2013·CVSS 4.4
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-66wp-j8hv-q5v9: The IPXPING_COMMAND in contrib/check_ipxping
ghsa_unreviewed·2022-05-17
CVE-2013-4215 [MEDIUM] CWE-59 GHSA-66wp-j8hv-q5v9: The IPXPING_COMMAND in contrib/check_ipxping
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4215 nagios-plugins: Nagios plugins: IPXPING_COMMAND uses fixed location in /tmp [fedora-all]
bugzilla·2013-08-08·CVSS 4.4
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Pl
Bugzilla
CVE-2013-4215 Nagios plugins: IPXPING_COMMAND uses fixed location in /tmp
bugzilla·2013-04-28·CVSS 4.4
Found during an audit of openstack and all its dependencies.
Error: nagios-plugins-1.4.16-6.el6ost/nagios-plugins-1.4.16/contrib/check_ipxping.c
#define IPXPING_COMMAND "/tmp/ipxping/ipxping"
The IPXPING_COMMAND is used to build a command line that is executed
later on using execv. As this is a predictable location in a public area
a local attacker may place their own file in that location or symlink to
another command. AFAICT little or no checks are made about the file
permissions or ownership.
Discussion:
Confirmed in latest upstream nagios-plugins-1.4.16-80-g08f5
---
This issue has been reported upstream: http://tracker.nagios.org/view.php?id=451
---
Created nagios-plugins tracking bugs for this issue:
A
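An added example, not code from Nagios Plugins or from the bug report above: one way a plugin could verify a helper binary before handing it to execv, which is the ownership and permission check the report says is missing. The function names `owner_mode_ok` and `helper_path_is_trusted` are hypothetical, and the policy (root-owned, no group or other write, no symlinks anywhere in the path) is an assumption chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper: root-owned and not writable by group or other. */
static int owner_mode_ok(uid_t uid, mode_t mode)
{
    return uid == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical check to run before execv(). Returns 1 only if `path` is
 * absolute, every parent is a real directory (not a symlink) that only root
 * can modify, and the target is a regular root-owned executable. Strict by
 * design: a symlinked parent such as a merged /bin is rejected too. */
int helper_path_is_trusted(const char *path)
{
    char buf[4096];
    struct stat st;
    size_t len = strlen(path);

    if (path[0] != '/' || len >= sizeof(buf))
        return 0;
    memcpy(buf, path, len + 1);

    if (lstat("/", &st) != 0 || !owner_mode_ok(st.st_uid, st.st_mode))
        return 0;
    /* Check "/tmp", then "/tmp/ipxping", ... one component at a time. */
    for (char *p = buf + 1; (p = strchr(p, '/')) != NULL; p++) {
        *p = '\0';
        if (lstat(buf, &st) != 0 || !S_ISDIR(st.st_mode) ||
            !owner_mode_ok(st.st_uid, st.st_mode))
            return 0;   /* missing, symlink, or attacker-writable parent */
        *p = '/';
    }
    /* The file itself: lstat() so a symlink to another command is refused. */
    if (lstat(buf, &st) != 0 || !S_ISREG(st.st_mode) ||
        !owner_mode_ok(st.st_uid, st.st_mode) || !(st.st_mode & S_IXUSR))
        return 0;
    return 1;
}

int main(void)
{
    const char *cmd = "/tmp/ipxping/ipxping";   /* value from the report */
    printf("%s: %s\n", cmd,
           helper_path_is_trusted(cmd) ? "trusted" : "refused");
    return 0;
}
```

Because every accepted path component can be modified only by root, an unprivileged local user cannot swap the file between this check and the execv call. Any path under a world-writable /tmp fails the check, so the helper has to be installed in a root-owned directory for the check to pass.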
http://osvdb.org/96085
http://seclists.org/oss-sec/2013/q3/310
http://tracker.nagios.org/view.php?id=451
https://bugzilla.redhat.com/show_bug.cgi?id=957482