{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-23T18:10:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1526", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.565Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1526", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2029", "datePublished": "2013-11-23T17:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.565Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/."}, {"lang": "es", "value": "nagios.upgrade_to_v3.sh, tal y como se distribuye por Red Hat y posiblemente otros Nagios Core 3.4.4, 3.5.1, y anteriores versiones, permite a usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de un ataque symlink en un archivo nagioscfg temporal, con un nombre previsible en /tmp/."}], "evaluatorSolution": "Per: http://rhn.redhat.com/errata/RHSA-2013-1526.html\n\n\"Affected Products: Red Hat OpenStack 3.0\"", "id": "CVE-2013-2029", "lastModified": "2024-11-21T01:50:53.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-23T17:55:03.417", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Grant Murphy (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2013:1526", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "nagios-0:3.5.1-2.el6ost", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2013-11-18T00:00:00Z"}], "bugzilla": {"description": "core: Insecure temporary file usage in nagios.upgrade_to_v3.sh", "id": "958015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-377", "details": ["nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/."], "name": "CVE-2013-2029", "package_state": [{"cpe": "cpe:/a:redhat:openstack:2.1", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat OpenStack Platform 2.1"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Affected", "package_name": "nagios", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2013-04-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2029\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2029"], "statement": "The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in OpenStack 2.1 (Folsom). For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}