Vulnerability in Check_diskio_project Check_diskio
CVE-2014-8994
The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).
EPSS: 0.001 (19.8th percentile) — read the EPSS interpretation.
Affected products
- Check_diskio_project Check_diskio
- N/a — versions n/a
Weakness classification (CWE)
References
- checkdiskio-cve20148994-symlink(98849) (vdb-entry, x_refsource_XF)
- 71208 (vdb-entry, x_refsource_BID)
- [oss-security] 20141119 CVE request for check_diskio nagios/icinga plugin (mailing-list, x_refsource_MLIST)
- [oss-security] 20141120 Re: CVE request for check_diskio nagios/icinga plugin (mailing-list, x_refsource_MLIST)