Amazon Linux 1 Security Advisory: ALAS-2013-227
Advisory Release Date: 2013-09-24 19:41 Pacific
Advisory Updated Date: 2014-09-16 21:39 Pacific
nagios.upgrade_to_v3.sh allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
Affected Packages:
nagios
Issue Correction:
Run yum update nagios to update your system.
i686:
nagios-devel-3.5.1-1.6.amzn1.i686
nagios-3.5.1-1.6.amzn1.i686
nagios-debuginfo-3.5.1-1.6.amzn1.i686
nagios-common-3.5.1-1.6.amzn1.i686
src:
nagios-3.5.1-1.6.amzn1.src
x86_64:
nagios-common-3.5.1-1.6.amzn1.x86_64
nagios-debuginfo-3.5.1-1.6.amzn1.x86_64
nagios-devel-3.5.1-1.6.amzn1.x86_64
nagios-3.5.1-1.6.amzn1.x86_64