Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nagios Plugins 后置链接漏洞
Vulnerability Description
Nagios是美国程序员Ethan Galstad所研发的一套开源的系统运行状态和网络信息监控程序。Nagios Plugins是一个插件包,它提供了各种供Nagios服务调用的监控插件。 Nagios Plugins 2.0.2版本的lib/parse_ini.c文件中存在安全漏洞。本地攻击者可通过在extra-opts标志中的配置文件中实施符号链接攻击利用该漏洞获取敏感信息。(注:该漏洞源于CVE-2014-4701补丁的不完全修复)
CVSS Information
N/A
Vulnerability Type
N/A