Vigil@nce - Nagios: file corruption via rss-newsfeed.php
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link during the usage of
rss-newsfeed.php of Nagios, in order to corrupt a file with
privileges of the service.
Impacted products: Nagios Open Source
Severity: 1/4
Creation date: 08/08/2013
DESCRIPTION OF THE VULNERABILITY
The nagios/html/rss-newsfeed.php page provides a RSS feed for
Nagios events.
It uses the /tmp/magpie_cache (MAGPIE_CACHE_DIR) temporary
directory to store items of the PHP MagpieRSS class. However, this
path is accessible by local users.
A local attacker can therefore create a symbolic link during the
usage of rss-newsfeed.php of Nagios, in order to corrupt a file
with privileges of the service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Nagios-file-corruption-via-rss-newsfeed-php-13225