CVE-2014-4701

Nagios Plugins <2.0.2 - Info Disclosure

Title source: llm

Description

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dawid Golunski · textlocallinux

https://www.exploit-db.com/exploits/33387

View Code ZIP pw:eip

References (9)

Core 9

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/33387

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/61319

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/May/74

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/67433

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/58751

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/06/30/6

Patch, Vendor Advisory x_refsource_confirm

http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins

Exploit x_refsource_misc

http://legalhackers.com/advisories/nagios-check_dhcp.txt

Various Sources vendor-advisory x_refsource_suse

https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html

Scores

EPSS 0.0005

EPSS Percentile 14.0%

Details

CWE

CWE-200

Status published

Products (1)

nagios/nagios < 2.0.1

Published Dec 05, 2014

Tracked Since Feb 18, 2026