Vulnerabilities > CVE-2014-8994 - Source Code vulnerability in Check Diskio Project Check Diskio 3.2.5

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

check-diskio-project

CWE-18

NVD

Published: 2014-11-28

Updated: 2017-09-08

Summary

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).

Vulnerable Configurations

Part	Description	Count
Application	Check_Diskio_Project Check Diskio Project Check Diskio 3.2.5	1

Common Weakness Enumeration (CWE)

CWE-18 - Source Code

References

http://seclists.org/oss-sec/2014/q4/679
http://seclists.org/oss-sec/2014/q4/701
http://www.securityfocus.com/bid/71208
https://exchange.xforce.ibmcloud.com/vulnerabilities/98849