CVE-2012-3457
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
| Software | From | Fixed in |
|---|---|---|
| pnp4nagios / pnp4nagios | 0.6.2 | 0.6.2.x |
| pnp4nagios / pnp4nagios | 0.6.3 | 0.6.3.x |
| pnp4nagios / pnp4nagios | 0.6.5 | 0.6.5.x |
| pnp4nagios / pnp4nagios | 0.6.1 | 0.6.1.x |
| pnp4nagios / pnp4nagios | 0.6.12 | 0.6.12.x |
| pnp4nagios / pnp4nagios | 0.6.11 | 0.6.11.x |
| pnp4nagios / pnp4nagios | 0.6.7 | 0.6.7.x |
| pnp4nagios / pnp4nagios | 0.6.10 | 0.6.10.x |
| pnp4nagios / pnp4nagios | 0.6.6 | 0.6.6.x |
| pnp4nagios / pnp4nagios | 0.6.4 | 0.6.4.x |
| pnp4nagios / pnp4nagios | 0.6.0 | 0.6.0.x |
| pnp4nagios / pnp4nagios | 0.6.14 | 0.6.14.x |
| pnp4nagios / pnp4nagios | 0.6.13 | 0.6.13.x |
| pnp4nagios / pnp4nagios | 0.6.16 | 0.6.16.x |
| pnp4nagios / pnp4nagios | 0.6.15 | 0.6.15.x |
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086161.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086387.html
- http://www.openwall.com/lists/oss-security/2012/08/06/7
- http://www.openwall.com/lists/oss-security/2012/08/06/8
- http://www.securityfocus.com/bid/54863
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime