Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
BID:69310
Info
Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
| Bugtraq ID: | 69310 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5339 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 20 2014 12:00AM |
| Updated: | Apr 13 2015 09:30PM |
| Credit: | Deutsche Telekom CERT |
| Vulnerable: |
Mathias Kettner Check_mk 1.2.5i3 Mathias Kettner Check_mk 1.2.4p3 |
| Not Vulnerable: |
Mathias Kettner Check_mk 1.2.5i4 Mathias Kettner Check_mk 1.2.4p4 |
Discussion
Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
Dream Report is prone to a vulnerability that may allow attackers to overwrite arbitrary local files.
Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application.
Versions prior to Check_MK 1.2.4p4 and 1.2.5i4 are vulnerable.
Dream Report is prone to a vulnerability that may allow attackers to overwrite arbitrary local files.
Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application.
Versions prior to Check_MK 1.2.4p4 and 1.2.5i4 are vulnerable.
Exploit / POC
Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
References:
References:
- Check_MK Homepage (Letzte Anderung)
- Deutsche Telekom CERT Advisory [DTC-A-20140820-001] (Deutsche Telekom)