what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Deutsche Telekom CERT Advisory DTC-A-20140820-001
Posted Aug 20, 2014
Authored by Deutsche Telekom CERT

check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2014-5338, CVE-2014-5339, CVE-2014-5340
SHA-256 | a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949

Deutsche Telekom CERT Advisory DTC-A-20140820-001

Change Mirror Download
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] 

Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Install software release 1.2.4p4, 1.2.5i4 or later.

Homepage: http://mathias-kettner.de/check_mk.html

a) application
b) problem
d) detailed description

a1) check_mk (git hash: 4b71709) [CVE-2014-5338]

b1) Reflected Cross-Site Scripting (XSS)

c1) CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

d1) The check_mk application is susceptible to reflected XSS attacks. This is mainly the result of improper output encoding. Reflected XSS can be triggered by sending a malicious URL to a user of the check_mk application. Once the XSS attack is triggered, the attacker has access to the full check_mk (and nagios) application with the access rights of the logged in victim.


a2) check_mk (git hash: 4b71709) [CVE-2014-5339]

b2) Write access to config (.mk) files in arbitrary places on the filesystem

c2) CVSS 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P

d2) The check_mk application does allow an attacker to write check_mk config files (.mk files) on arbitrary locations on the server filesystem


a3) check_mk (git hash: 4b71709) [CVE-2014-5340]

b3) Code executing due to insecure input handling

c3) CVSS 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

d3) The check_mk applications uses insecure API calls, which allow an attacker to execute arbitrary code on the server by issuing just a single URL. The reason for this is the usage of the insecure "pickle" API call.
Additionally, there are several locations in the code which allow calling this method without any CSRF tokens in place. This flaw can also be triggered as a non-admin user (for instance as a normal monitoring user, who only has limited capabilities in the application).

Deutsche Telekom Cyber Defense & CERT
Friedrich-Ebert-Allee 140, 53113 Bonn, Germany
+49 800 DTAG CERT (Tel.)
E-Mail: cert@telekom.de
Life is for sharing.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: Timotheus Höttges (Chairman),
Dr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,
Thomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn

Big changes start small – conserve resources by not printing every e-mail.
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By