Check_MK Arbitrary File Overwrite Vulnerability (CVE-2014-5339)
Release date:
Updated on:
Affected Systems:
Mathias-ketaskcheck_mk <1.2.5i4
Mathias-ketaskcheck_mk <1.2.4p4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69310
CVE (CAN) ID: CVE-2014-5339
Check_MK is a common Nagios/Icinga data collection plug-in.
Check_MK has the Arbitrary File Overwrite Vulnerability. Attackers can exploit this vulnerability to write arbitrary files in the current user context.
<* Source: Deutsche Telekom CERT
Link: http://www.securityfocus.com/archive/1/533180
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mathias-kettings
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://mathias-kettner.de
This article permanently updates the link address: