Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Check Mk Project
  • Check Mk
Redhat
  • Storage

Configuration 1 [-]

OR cpe:2.3:a:check_mk_project:check_mk:*:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
Package CPE Advisory Released Date
Native Client for RHEL 5 for Red Hat Storage
glusterfs-0:3.7.1-11.el5 cpe:/a:redhat:storage:2:client:el5 RHSA-2015:1495 2015-07-29T00:00:00Z
Native Client for RHEL 6 for Red Hat Storage
glusterfs-0:3.7.1-11.el6 cpe:/a:redhat:storage:3:client:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
Red Hat Gluster Storage 3.1 for RHEL 6
augeas-0:1.0.0-10.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
check-mk-0:1.2.6p1-3.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
clufter-0:0.11.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
cluster-0:3.0.12.1-73.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
clustermon-0:0.16.2-31.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
corosync-0:1.4.7-2.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
ctdb2.5-0:2.5.5-7.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
fence-virt-0:0.2.3-19.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
glusterfs-0:3.7.1-11.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gluster-nagios-addons-0:0.2.4-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gluster-nagios-common-0:0.2.0-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gstatus-0:0.64-3.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libqb-0:0.17.1-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libtalloc-0:2.1.1-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libvirt-0:0.10.2-54.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nagios-plugins-0:1.4.16-12.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nagios-server-addons-0:0.2.1-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nfs-ganesha-0:2.2.0-5.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nrpe-0:2.15-4.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
openais-0:1.1.1-7.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
openstack-swift-0:1.13.1-4.el6ost cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pacemaker-0:1.1.12-8.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pcs-0:0.9.139-9.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pnp4nagios-0:0.6.22-2.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pynag-0:0.9.1-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-blivet-1:1.0.0.2-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-cpopen-0:1.3-4.el6_5 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-eventlet-0:0.14.0-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-greenlet-0:0.4.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-keystoneclient-1:0.9.0-5.el6ost cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-prettytable-0:0.7.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-pyudev-0:0.15-2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
redhat-storage-logos-0:60.0.20-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
redhat-storage-server-0:3.1.0.3-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
resource-agents-0:3.9.5-24.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
ricci-0:0.16.2-81.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
userspace-rcu-0:0.7.9-2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
vdsm-0:4.16.20-1.2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
References
Link Providers
http://mathias-kettner.de/check_mk_werks.php?werk_id=983 cve-icon cve-icon
http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1495.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/533180/100/0/threaded cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-5339 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-5339 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-09-02T14:00:00

Updated: 2024-08-06T11:41:48.576Z

Reserved: 2014-08-18T00:00:00

Link: CVE-2014-5339

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-02T14:55:03.637

Modified: 2024-11-21T02:11:52.230

Link: CVE-2014-5339

cve-icon Redhat

Severity : Important

Publid Date: 2014-05-05T00:00:00Z

Links: CVE-2014-5339 - Bugzilla