Vigil@nce - Nagios: file corruption via nagios.upgrade_to_v3.sh
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the administrator runs the nagios.upgrade_to_v3.sh script, a
local attacker can create a symbolic link, in order to corrupt a
file with root privileges.
Impacted products: Nagios Open Source
Severity: 2/4
Creation date: 02/05/2013
DESCRIPTION OF THE VULNERABILITY
The nagios.upgrade_to_v3.sh script is installed by some Linux
distributions, in order to migrate Nagios to a recent version.
However, this script uses a predictable filename
(/tmp/nagioscfg.$$.tmp) to store the configuration.
When the administrator runs the nagios.upgrade_to_v3.sh script, a
local attacker can therefore create a symbolic link, in order to
corrupt a file with root privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Nagios-file-corruption-via-nagios-upgrade-to-v3-sh-12741