Vulnerability Details CVE-2014-8994
The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.9%
CVSS Severity
CVSS v2 Score 3.6
References
- http://seclists.org/oss-sec/2014/q4/679
- http://seclists.org/oss-sec/2014/q4/701
- http://www.securityfocus.com/bid/71208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98849
- http://seclists.org/oss-sec/2014/q4/679
- http://seclists.org/oss-sec/2014/q4/701
- http://www.securityfocus.com/bid/71208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98849
Products affected by CVE-2014-8994
-
cpe:2.3:a:check_diskio_project:check_diskio:3.2.5