Vulnerability Details : CVE-2012-3457
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
Exploit prediction scoring system (EPSS) score for CVE-2012-3457
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3457
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2012-3457
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3457
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086161.html
[SECURITY] Fedora 17 Update: pnp4nagios-0.6.16-4.fc17
-
http://www.openwall.com/lists/oss-security/2012/08/06/7
oss-security - CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086387.html
[SECURITY] Fedora 18 Update: pnp4nagios-0.6.16-4.fc18
-
http://www.securityfocus.com/bid/54863
PNP4Nagios 'process_perfdata.cfg' Information Disclosure Vulnerability
-
http://www.openwall.com/lists/oss-security/2012/08/06/8
oss-security - Re: CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879
#683879 - pnp4nagios-bin: process_perfdata.cfg shouldn't be world readable - Debian Bug report logs
Products affected by CVE-2012-3457
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.14:*:*:*:*:*:*:*