CVE-2014-4703
published 2014-12-05CVE-2014-4703: lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts…
PriorityP411low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
1.08%
61.0th percentile
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | monitoring-plugins | — | — |
| nagios | nagios | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_debian2.1LOW
vendor_redhat2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
nagios-plugins: check_dhcp Arbitrary Option File Read
vendor_redhat·2014-05-16·CVSS 2.1
CVE-2014-4703 [LOW] nagios-plugins: check_dhcp Arbitrary Option File Read
nagios-plugins: check_dhcp Arbitrary Option File Read
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Statement: This issue did not affect the versions of nagios-plugins as shipped with Red Hat Enterprise Linux OpenStack Platform.
Package: nagios-plugins (Red Hat OpenStack Platform 3) - Not affected
Package: nagios-plugins (Red Hat OpenStack Platform 4) - Not affected
Debian
CVE-2014-4703: monitoring-plugins - lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive i...
vendor_debian·2014·CVSS 2.1
CVE-2014-4703 [LOW] CVE-2014-4703: monitoring-plugins - lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive i...
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-v966-mf9p-984g: lib/parse_ini
ghsa_unreviewed·2022-05-17·CVSS 2.1
CVE-2014-4703 [LOW] CWE-59 GHSA-v966-mf9p-984g: lib/parse_ini
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
No detection rules found.
http://nagios-plugins.org/nagios-plugins-2-0-3-released/http://seclists.org/fulldisclosure/2014/Jun/141http://www.openwall.com/lists/oss-security/2014/06/30/6http://www.securityfocus.com/bid/76810http://nagios-plugins.org/nagios-plugins-2-0-3-released/http://seclists.org/fulldisclosure/2014/Jun/141http://www.openwall.com/lists/oss-security/2014/06/30/6http://www.securityfocus.com/bid/76810
2014-12-05
Published