Vulnerabilities > CVE-2014-8994 - Source Code vulnerability in Check Diskio Project Check Diskio 3.2.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

check-diskio-project

CWE-18

NVD

Published: 2014-11-28

Updated: 2024-11-21

Summary

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).

Vulnerable Configurations

Part	Description	Count
Application	Check_Diskio_Project Check Diskio Project Check Diskio 3.2.5	1

Common Weakness Enumeration (CWE)

CWE-18 - Source Code

References

http://seclists.org/oss-sec/2014/q4/679
http://seclists.org/oss-sec/2014/q4/679
http://seclists.org/oss-sec/2014/q4/701
http://seclists.org/oss-sec/2014/q4/701
http://www.securityfocus.com/bid/71208
http://www.securityfocus.com/bid/71208
https://exchange.xforce.ibmcloud.com/vulnerabilities/98849
https://exchange.xforce.ibmcloud.com/vulnerabilities/98849