Description
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| nagios3 | removed | | | package |
| nagios3 | no-dsa | | wheezy | package |
| icinga | fixed | 1.13.4-1 | | package |
| icinga | no-dsa | | jessie | package |
| icinga | no-dsa | | wheezy | package |
Notes
https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
https://dev.icinga.com/issues/13709
https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0