CVE-2014-5339 - OpenCVE

Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Check Mk Project	Check Mk

Configuration 1 [-]

OR	cpe:2.3:a:check_mk_project:check_mk::p3::::::*
	cpe:2.3:a:check_mk_project:check_mk:1.2.4:::::::*
	cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1::::::
	cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2::::::
	cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1::::::
	cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2::::::
	cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3::::::

References

Link	Resource
http://mathias-kettner.de/check_mk_werks.php?werk_id=983	Patch Vendor Advisory
http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html
http://rhn.redhat.com/errata/RHSA-2015-1495.html
http://www.securityfocus.com/archive/1/533180/100/0/threaded

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-09-02T14:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2014-08-18T00:00:00

Link: CVE-2014-5339

JSON object: View

NVD Information

Status : Modified

Published: 2014-09-02T14:55:03.637

Modified: 2018-10-09T19:50:08.663

Link: CVE-2014-5339

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20140820 Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533180/100/0/threaded"}, {"name": "RHSA-2015:1495", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mathias-kettner.de/check_mk_werks.php?werk_id=983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140820 Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533180/100/0/threaded"}, {"name": "RHSA-2015:1495", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"name": "http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html"}, {"name": "http://mathias-kettner.de/check_mk_werks.php?werk_id=983", "refsource": "CONFIRM", "url": "http://mathias-kettner.de/check_mk_werks.php?werk_id=983"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5339", "datePublished": "2014-09-02T14:00:00", "dateReserved": "2014-08-18T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:check_mk_project:check_mk:*:p3:*:*:*:*:*:*", "matchCriteriaId": "831B5297-24A3-48DD-8024-A36FA8D68E26", "versionEndIncluding": "1.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "95436742-D5D2-4C8C-BCBE-9207659D97ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*", "matchCriteriaId": "1B7019F5-4E38-4895-803F-842F6EEBD5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*", "matchCriteriaId": "44880FB1-1E99-426D-8D28-9B2E09395C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*", "matchCriteriaId": "A465E402-D401-45F5-AC00-5214E71D7BB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*", "matchCriteriaId": "2F6664A0-4615-4EA3-A5DF-B9846BEFF4D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*", "matchCriteriaId": "CD84DD11-025A-4404-A6F9-94D4431F315C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections."}, {"lang": "es", "value": "Check_MK anterior a 1.2.4p4 y 1.2.5 anterior a 1.2.5i4 permite a usuarios remotos autenticados escribir ficheros de configuraci\u00f3n check_mk (ficheros .mk) en localizaciones arbitrarias a trav\u00e9s de vectores relacionados con las selecciones de filas."}], "id": "CVE-2014-5339", "lastModified": "2018-10-09T19:50:08.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-02T14:55:03.637", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://mathias-kettner.de/check_mk_werks.php?werk_id=983"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533180/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}