PT-2012-4730 · Pnp4Nagios · Pnp4Nagios
Kurt Seifried
·
Published
2012-08-12
·
Updated
2013-04-05
·
CVE-2012-3457
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PNP4Nagios versions 0.6 through 0.6.16
Description
The issue allows local users to obtain the Gearman shared secret by reading the process perfdata.cfg file due to world-readable permissions.
Recommendations
For PNP4Nagios versions 0.6 through 0.6.16, consider changing the permissions of the process perfdata.cfg file to restrict access and prevent unauthorized reading of the Gearman shared secret.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pnp4Nagios