OSVDB ID: 84746

Title: PNP4Nagios process_perfdata.cfg Insecure Permissions Local Gearman Shared Secret Disclosure

Info

Disclosure

Aug 05, 2012

Discovery

Unknown

Dates

Exploit

Aug 05, 2012

Solution

Unknown

Description

PNP4Nagios contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by process_perfdata.cfg having world-readable permissions, which may allow a local attacker to gain access to the Gearman shared secret.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Third-party Verified
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Jörg Linge	PNP4Nagios	0.6
		0.6.16

References

CVE ID: 2012-3457 (see also: NVD)
Bugtraq ID: 54863
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879
Mail List Post: http://www.openwall.com/lists/oss-security/2012/08/06/7
http://www.openwall.com/lists/oss-security/2012/08/06/8
Vendor URL: http://www.pnp4nagios.org/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84746

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Jörg Linge

PNP4Nagios

References

Credit