CVE-2013-2029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2029
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

6.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability : 3.4 / Impact : 9.2

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2013-1526.html Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=958015
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
History

13 Feb 2023, 04:42

Type Values Removed Values Added
Summary CVE-2013-2029 Nagios core: Insecure temporary file usage in nagios.upgrade_to_v3.sh nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:1526', 'name': 'https://access.redhat.com/errata/RHSA-2013:1526', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2013-2029', 'name': 'https://access.redhat.com/security/cve/CVE-2013-2029', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 18:17

Type Values Removed Values Added
Summary nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. CVE-2013-2029 Nagios core: Insecure temporary file usage in nagios.upgrade_to_v3.sh
References
  • (MISC) https://access.redhat.com/errata/RHSA-2013:1526 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2013-2029 -
Information

Published : 2013-11-23 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-2029

Mitre link : CVE-2013-2029

CVE.ORG link : CVE-2013-2029

JSON object : View

Products Affected

redhat

  • openstack
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')