*** This bug is a security vulnerability *** Public security bug reported:
check_dhcp is shipped to run suid root by default by upstream, but it is not packaged as suid root in Debian or Ubuntu. This issue has no CVE but is listed at http://osvdb.org/show/osvdb/107070

However, if users mark it suid root to make it more useful, then it is vulnerable as described in http://seclists.org/fulldisclosure/2014/May/74

There is a fix available at https://github.com/nagios-plugins/nagios-plugins/commit/cd3e21304581ea5a55624a9b9afc5d5238d166aa, but #monitoring-plugins believes this is racy, and this looks likely to me too. The monitoring-plugins fork has yet to issue a fix.

09:39 <emias> 20:36 <emias> I would simply disallow users to specify a config file path when euid != ruid.

I suggest that we issue an update when one is available for users using a non-default configuration of check_dhcp as suid root. As this is the promoted way of using it upstream, it seems reasonable.

** Affects: nagios-plugins (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1322100
Title: check_dhcp is vulnerable to information leak when run as suid root
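The mitigation emias proposes (refuse a caller-supplied config path whenever euid != ruid), paired with an open that runs under the real uid so there is no check-then-open window of the kind the reporter suspects in the upstream commit, as an added C example; this is not the plugin's or the commit's code, and the default path and function names are assumptions:

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed default location; the real plugin's default is not given on this page. */
#define DEFAULT_CONFIG "/etc/nagios/check_dhcp.cfg"

/* Decide which config file the plugin may read.
 * A caller-supplied path is honoured only when the process runs with the
 * caller's own privileges (euid == ruid). Under suid root the request is
 * refused (NULL) rather than silently replaced, so the operator notices
 * and an unprivileged caller cannot make root read an arbitrary file. */
const char *select_config_path(const char *user_path, uid_t ruid, uid_t euid)
{
    if (user_path == NULL || user_path[0] == '\0')
        return DEFAULT_CONFIG;
    if (ruid != euid)
        return NULL;
    return user_path;
}

/* Open a file with the real uid in effect so the kernel performs the
 * permission check inside open() itself. A separate check-then-open
 * sequence (access() followed by fopen()) leaves a window in which the
 * path can be swapped for a link to another file; here there is no
 * separate check to race. The saved effective uid is always restored. */
FILE *open_config_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    if (seteuid(getuid()) != 0)
        return NULL;
    FILE *fp = fopen(path, "r");
    int saved_errno = errno;
    if (seteuid(saved_euid) != 0 && fp != NULL) {
        fclose(fp);   /* could not regain the saved uid: do not continue half-way */
        fp = NULL;
    }
    errno = saved_errno;
    return fp;
}
```

On a suid-root binary seteuid(getuid()) drops only the effective uid, so the saved set-user-ID still allows the restore; on an unprivileged run both calls are no-ops.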