[Bug 1322100] [NEW] check_dhcp is vulnerable to information leak when run as suid root

Robie Basak 1322100 at bugs.launchpad.net
Thu May 22 08:42:55 UTC 2014


*** This bug is a security vulnerability ***

Public security bug reported:

check_dhcp is shipped to run suid root by default by upstream, but it is
not packaged as suid root in Debian or Ubuntu.

This issue has no CVE but is listed at
http://osvdb.org/show/osvdb/107070

However, if users mark it suid root to make it more useful, then it is
vulnerable as described in
http://seclists.org/fulldisclosure/2014/May/74

There is a fix available at
https://github.com/nagios-plugins/nagios-plugins/commit/cd3e21304581ea5a55624a9b9afc5d5238d166aa,
but #monitoring-plugins believes this is racy, and this looks likely to me
too.

The monitoring-plugins fork has yet to issue a fix.

09:39 <emias> 20:36 <emias> I would simply disallow users to specify a
config file path when euid != ruid.

I suggest that we issue an update when one is available for users using
a non-default configuration of check_dhcp as suid root. As this is the
promoted way of using it upstream, it seems reasonable.

** Affects: nagios-plugins (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios-plugins in Ubuntu.
https://bugs.launchpad.net/bugs/1322100

Title:
  check_dhcp is vulnerable to information leak when run as suid root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1322100/+subscriptions
