Date: Mon, 30 Jun 2014 16:24:16 +1000
From: Murray McAllister <>
Subject: CVE requests: nagios check_dhcp plug-in: read parts of INI config
 files belonging to root

Good morning,

Dawid Golunski discovered a flaw in the Nagios check_dhcp plugin that
allows "Malicious user that has local access to a system where
check_dhcp plugin is installed with SUID could exploit this
vulnerability to read any INI format config files owned by root and
potentially extract some sensitive information.":

This was fixed in version 2.0.2:


Dawid later reported a race condition. Despite the above fix, it was
still possible to read parts of root-owned files:

This was fixed in version 2.0.3:


Can CVEs please be assigned if they have not been already?


Murray McAllister / Red Hat Product Security
