1. CVE-Search
  2. CVE-2014-5339
ID CVE-2014-5339
Summary Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
References
Vulnerable Configurations
  • cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.1.10:p3:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.1.10:p3:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.2:p3:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.2:p3:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
  • cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
    cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 09-10-2018 - 19:50)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2015:1495
rpms
  • augeas-0:1.0.0-10.el6
  • augeas-debuginfo-0:1.0.0-10.el6
  • augeas-devel-0:1.0.0-10.el6
  • augeas-libs-0:1.0.0-10.el6
  • ccs-0:0.16.2-81.el6
  • check-mk-0:1.2.6p1-3.el6rhs
  • check-mk-debuginfo-0:1.2.6p1-3.el6rhs
  • check-mk-livestatus-0:1.2.6p1-3.el6rhs
  • clufter-cli-0:0.11.2-1.el6
  • clufter-debuginfo-0:0.11.2-1.el6
  • clufter-lib-ccs-0:0.11.2-1.el6
  • clufter-lib-general-0:0.11.2-1.el6
  • clufter-lib-pcs-0:0.11.2-1.el6
  • cluster-cim-0:0.16.2-31.el6
  • cluster-debuginfo-0:3.0.12.1-73.el6
  • cluster-snmp-0:0.16.2-31.el6
  • clusterlib-0:3.0.12.1-73.el6
  • clusterlib-devel-0:3.0.12.1-73.el6
  • clustermon-debuginfo-0:0.16.2-31.el6
  • cman-0:3.0.12.1-73.el6
  • corosync-0:1.4.7-2.el6
  • corosync-debuginfo-0:1.4.7-2.el6
  • corosynclib-0:1.4.7-2.el6
  • corosynclib-devel-0:1.4.7-2.el6
  • ctdb2.5-0:2.5.5-7.el6rhs
  • ctdb2.5-debuginfo-0:2.5.5-7.el6rhs
  • fence-virt-0:0.2.3-19.el6
  • fence-virt-debuginfo-0:0.2.3-19.el6
  • fence-virtd-0:0.2.3-19.el6
  • fence-virtd-checkpoint-0:0.2.3-19.el6
  • fence-virtd-libvirt-0:0.2.3-19.el6
  • fence-virtd-multicast-0:0.2.3-19.el6
  • fence-virtd-serial-0:0.2.3-19.el6
  • gfs2-utils-0:3.0.12.1-73.el6
  • gluster-nagios-addons-0:0.2.4-4.el6rhs
  • gluster-nagios-addons-debuginfo-0:0.2.4-4.el6rhs
  • gluster-nagios-common-0:0.2.0-1.el6rhs
  • glusterfs-0:3.7.1-11.el5
  • glusterfs-0:3.7.1-11.el6
  • glusterfs-0:3.7.1-11.el6rhs
  • glusterfs-api-0:3.7.1-11.el5
  • glusterfs-api-0:3.7.1-11.el6
  • glusterfs-api-0:3.7.1-11.el6rhs
  • glusterfs-api-devel-0:3.7.1-11.el5
  • glusterfs-api-devel-0:3.7.1-11.el6
  • glusterfs-api-devel-0:3.7.1-11.el6rhs
  • glusterfs-cli-0:3.7.1-11.el5
  • glusterfs-cli-0:3.7.1-11.el6
  • glusterfs-cli-0:3.7.1-11.el6rhs
  • glusterfs-client-xlators-0:3.7.1-11.el5
  • glusterfs-client-xlators-0:3.7.1-11.el6
  • glusterfs-client-xlators-0:3.7.1-11.el6rhs
  • glusterfs-debuginfo-0:3.7.1-11.el5
  • glusterfs-debuginfo-0:3.7.1-11.el6
  • glusterfs-debuginfo-0:3.7.1-11.el6rhs
  • glusterfs-devel-0:3.7.1-11.el5
  • glusterfs-devel-0:3.7.1-11.el6
  • glusterfs-devel-0:3.7.1-11.el6rhs
  • glusterfs-fuse-0:3.7.1-11.el5
  • glusterfs-fuse-0:3.7.1-11.el6
  • glusterfs-fuse-0:3.7.1-11.el6rhs
  • glusterfs-ganesha-0:3.7.1-11.el6rhs
  • glusterfs-geo-replication-0:3.7.1-11.el6rhs
  • glusterfs-libs-0:3.7.1-11.el5
  • glusterfs-libs-0:3.7.1-11.el6
  • glusterfs-libs-0:3.7.1-11.el6rhs
  • glusterfs-rdma-0:3.7.1-11.el5
  • glusterfs-rdma-0:3.7.1-11.el6
  • glusterfs-rdma-0:3.7.1-11.el6rhs
  • glusterfs-server-0:3.7.1-11.el6rhs
  • gstatus-0:0.64-3.1.el6rhs
  • gstatus-debuginfo-0:0.64-3.1.el6rhs
  • libqb-0:0.17.1-1.el6
  • libqb-debuginfo-0:0.17.1-1.el6
  • libqb-devel-0:0.17.1-1.el6
  • libtalloc-0:2.1.1-4.el6rhs
  • libtalloc-debuginfo-0:2.1.1-4.el6rhs
  • libtalloc-devel-0:2.1.1-4.el6rhs
  • libvirt-debuginfo-0:0.10.2-54.el6
  • libvirt-lock-sanlock-0:0.10.2-54.el6
  • modcluster-0:0.16.2-31.el6
  • nagios-plugins-0:1.4.16-12.el6rhs
  • nagios-plugins-debuginfo-0:1.4.16-12.el6rhs
  • nagios-plugins-dummy-0:1.4.16-12.el6rhs
  • nagios-plugins-ide_smart-0:1.4.16-12.el6rhs
  • nagios-plugins-nrpe-0:2.15-4.1.el6rhs
  • nagios-plugins-ping-0:1.4.16-12.el6rhs
  • nagios-plugins-procs-0:1.4.16-12.el6rhs
  • nagios-server-addons-0:0.2.1-4.el6rhs
  • nfs-ganesha-0:2.2.0-5.el6rhs
  • nfs-ganesha-debuginfo-0:2.2.0-5.el6rhs
  • nfs-ganesha-gluster-0:2.2.0-5.el6rhs
  • nfs-ganesha-nullfs-0:2.2.0-5.el6rhs
  • nrpe-0:2.15-4.1.el6rhs
  • nrpe-debuginfo-0:2.15-4.1.el6rhs
  • openais-0:1.1.1-7.el6
  • openais-debuginfo-0:1.1.1-7.el6
  • openaislib-0:1.1.1-7.el6
  • openaislib-devel-0:1.1.1-7.el6
  • openstack-swift-0:1.13.1-4.el6ost
  • openstack-swift-account-0:1.13.1-4.el6ost
  • openstack-swift-container-0:1.13.1-4.el6ost
  • openstack-swift-doc-0:1.13.1-4.el6ost
  • openstack-swift-object-0:1.13.1-4.el6ost
  • openstack-swift-proxy-0:1.13.1-4.el6ost
  • pacemaker-0:1.1.12-8.el6
  • pacemaker-cli-0:1.1.12-8.el6
  • pacemaker-cluster-libs-0:1.1.12-8.el6
  • pacemaker-cts-0:1.1.12-8.el6
  • pacemaker-debuginfo-0:1.1.12-8.el6
  • pacemaker-doc-0:1.1.12-8.el6
  • pacemaker-libs-0:1.1.12-8.el6
  • pacemaker-libs-devel-0:1.1.12-8.el6
  • pacemaker-remote-0:1.1.12-8.el6
  • pcs-0:0.9.139-9.el6
  • pcs-debuginfo-0:0.9.139-9.el6
  • pnp4nagios-0:0.6.22-2.1.el6rhs
  • pnp4nagios-debuginfo-0:0.6.22-2.1.el6rhs
  • pynag-0:0.9.1-1.el6rhs
  • pynag-examples-0:0.9.1-1.el6rhs
  • pytalloc-0:2.1.1-4.el6rhs
  • pytalloc-devel-0:2.1.1-4.el6rhs
  • python-blivet-1:1.0.0.2-1.el6rhs
  • python-clufter-0:0.11.2-1.el6
  • python-cpopen-0:1.3-4.el6_5
  • python-cpopen-debuginfo-0:1.3-4.el6_5
  • python-eventlet-0:0.14.0-1.el6
  • python-eventlet-doc-0:0.14.0-1.el6
  • python-gluster-0:3.7.1-11.el5
  • python-gluster-0:3.7.1-11.el6
  • python-gluster-0:3.7.1-11.el6rhs
  • python-greenlet-0:0.4.2-1.el6
  • python-greenlet-debuginfo-0:0.4.2-1.el6
  • python-greenlet-devel-0:0.4.2-1.el6
  • python-keystoneclient-1:0.9.0-5.el6ost
  • python-keystoneclient-doc-1:0.9.0-5.el6ost
  • python-prettytable-0:0.7.2-1.el6
  • python-pyudev-0:0.15-2.el6rhs
  • redhat-storage-logos-0:60.0.20-1.el6rhs
  • redhat-storage-server-0:3.1.0.3-1.el6rhs
  • resource-agents-0:3.9.5-24.el6
  • resource-agents-debuginfo-0:3.9.5-24.el6
  • resource-agents-sap-0:3.9.5-24.el6
  • ricci-0:0.16.2-81.el6
  • ricci-debuginfo-0:0.16.2-81.el6
  • userspace-rcu-0:0.7.9-2.el6rhs
  • userspace-rcu-debuginfo-0:0.7.9-2.el6rhs
  • userspace-rcu-devel-0:0.7.9-2.el6rhs
  • vdsm-0:4.16.20-1.2.el6rhs
  • vdsm-cli-0:4.16.20-1.2.el6rhs
  • vdsm-debug-plugin-0:4.16.20-1.2.el6rhs
  • vdsm-debuginfo-0:4.16.20-1.2.el6rhs
  • vdsm-gluster-0:4.16.20-1.2.el6rhs
  • vdsm-hook-ethtool-options-0:4.16.20-1.2.el6rhs
  • vdsm-hook-faqemu-0:4.16.20-1.2.el6rhs
  • vdsm-hook-openstacknet-0:4.16.20-1.2.el6rhs
  • vdsm-hook-qemucmdline-0:4.16.20-1.2.el6rhs
  • vdsm-jsonrpc-0:4.16.20-1.2.el6rhs
  • vdsm-python-0:4.16.20-1.2.el6rhs
  • vdsm-python-zombiereaper-0:4.16.20-1.2.el6rhs
  • vdsm-reg-0:4.16.20-1.2.el6rhs
  • vdsm-tests-0:4.16.20-1.2.el6rhs
  • vdsm-xmlrpc-0:4.16.20-1.2.el6rhs
  • vdsm-yajsonrpc-0:4.16.20-1.2.el6rhs
refmap via4
bugtraq 20140820 Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
confirm http://mathias-kettner.de/check_mk_werks.php?werk_id=983
misc http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html
Last major update 09-10-2018 - 19:50
Published 02-09-2014 - 14:55
Last modified 09-10-2018 - 19:50
Back to Top