Check_MK Agent for Linux 1.2.3i < 1.2.5i3 Arbitrary File Disclosure

medium Nessus Plugin ID 101088

Synopsis

An IT monitoring application running on the remote host is affected by an arbitrary file disclosure vulnerability.

Description

The version of Check_MK running on the remote web server is 1.2.3i prior to 1.2.5i3. It is, therefore, affected by a flaw due to the /var/lib/check_mk_agent/job directory creating temporary files with insufficiently secure permissions. A local attacker can exploit this issue by creating a symbolic link in the directory so that it points to a file the attacker normally would not have access to (e.g., /etc/shadow). Since the agent expects output from jobs using the mk-job Tool in that directory, it will output the content of all files in the directory on TCP port 6556 by default.

Solution

Upgrade to Check_MK version 1.2.5i3 or later.

See Also

https://www.foxmole.com/advisories/lse-2014-05-21.txt

https://www.securityfocus.com/archive/1/532224

Plugin Details

Severity: Medium

ID: 101088

File Name: check_mk_agent_linux_file_disclosure.nasl

Version: 2.8

Type: remote

Family: CGI abuses

Published: 6/28/2017

Updated: 11/14/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-0243

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:check_mk_project:check_mk

Required KB Items: Check_MK/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2014

Vulnerability Publication Date: 5/28/2014

Reference Information

CVE: CVE-2014-0243

BID: 67674