Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-12847

Опубликовано: 23 авг. 2017
Источник: debian

Описание

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nagios3removedpackage
nagios3no-dsajessiepackage
nagios3no-dsawheezypackage

Примечания

  • https://www.openwall.com/lists/oss-security/2017/08/16/7

  • https://github.com/NagiosEnterprises/nagioscore/issues/404

  • https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752

  • https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb

Связанные уязвимости

ubuntu логотип

CVE-2017-12847

CVSS3: 6.3
ubuntu
больше 8 лет назад

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

redhat логотип

CVE-2017-12847

CVSS3: 4.4
redhat
больше 8 лет назад

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

nvd логотип

CVE-2017-12847

CVSS3: 6.3
nvd
больше 8 лет назад

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

github логотип

GHSA-6j77-rprv-m39j

CVSS3: 6.3
github
больше 3 лет назад

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.