Monitoring plugin check_smart 6.9.1 released: Security fix in pseudo-device path

Written by - 2 comments

Published on - last updated on October 15th 2021 - Listed in Monitoring Hardware Security


An internal security audit at SUSE has come across a potential security issue in the check_smart script, a monitoring plugin to check physical hard-, solid sate and NVMe drives.

Since version 6.1, the -d parameter also supports a so-called pseudo device, located at /dev/bus/XX and representing drive(s) behind a raid controller in certain systems. To detect this path in the input, the regular expression was not good enough. This lead to the possibility, that someone could use whatever path as input, as long as it contained the string "/dev/bus" and a number:

$ sudo ./check_smart.pl -d /tmp/dev/bus/99 -i ata
[sudo] password for ck:      
UNKNOWN: Drive  S/N :  No health status line found|

To execute check_smart, sudo privileges are (unfortunately) required. The monitoring plugin launches smartctl in the background. Even though smartctl does not execute the path in any way but rather tries to read from it, it cannot be excluded that some method exists to execute the path.

The regex was fixed in the newest release 6.9.1 and an attempt to use a path outside of /dev/ results in the following error now:

$ sudo ./check_smart.pl -d /tmp/dev/bus/99 -i ata
[sudo] password for ck: 
Could not find any valid block/character special device for device /tmp/dev/bus/99  !

As 6.9.1 is a security release, an update is strongly recommended.

Thanks to Wolfgang Frisch from SUSE for the great collaboration and information exchange.

CVE-2021-42257

This (security) bug has been published as CVE-2021-42257 on October 11th 2021.


Add a comment

Show form to leave a comment

Comments (newest first)

ck from Switzerland wrote on Oct 15th, 2021:

DimeCadmium, no, I was not aware of this. Thank you for your e-mail for reporting this.


DimeCadmium from wrote on Oct 14th, 2021:

Did you also fix your parameter quoting issues (as on display in the oss-security posting)?


RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder