Описание
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Отчет
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Меры по смягчению последствий
This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These protections are enabled by default in Red Hat Enterprise Linux 7 and this vulnerability will only be exploitable if disabled. Ensure the following protections are enabled: sysctl -w fs.protected_hardlinks=1 sysctl -w fs.protected_symlinks=1
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | nagios | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | nagios | Will not fix | ||
| Red Hat Mobile Application Platform 4 | nagios | Not affected | ||
| Red Hat Storage 3 | nagios | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Nagios 4.3.2 and earlier allows local users to gain root privileges vi ...
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
EPSS
6.7 Medium
CVSS3