Описание
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat /pathname/nagios.lock" command.
Ссылки
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Issue TrackingVendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Issue TrackingVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS3
6.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
EPSS
6.3 Medium
CVSS3
6.3 Medium
CVSS2