Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-8641

Опубликовано: 22 нояб. 2016
Источник: redhat
CVSS3: 6.7
CVSS2: 4.4
EPSS Низкий

Описание

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

Отчет

Red Hat OpenStack Platform versions 5, 6 and 7 are now in Phase 2 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenStack Platform Life Cycle: https://access.redhat.com/support/policy/updates/openstack/platform/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6nagiosWill not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7nagiosWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)nagiosWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)nagiosWill not fix
Red Hat Gluster Storage 3.1nagiosWill not fix
Red Hat Mobile Application Platform 4nagiosNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1394248nagios: Unsafe ownership change leading to privilege escalation

EPSS

Процентиль: 74%
0.00839
Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-8641

CVSS3: 6.7
ubuntu
больше 7 лет назад

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

nvd логотип

CVE-2016-8641

CVSS3: 6.7
nvd
больше 7 лет назад

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

debian логотип

CVE-2016-8641

CVSS3: 6.7
debian
больше 7 лет назад

A privilege escalation vulnerability was found in nagios 4.2.x that oc ...

github логотип

GHSA-xh33-x4fq-3r2h

CVSS3: 7.8
github
больше 3 лет назад

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

suse-cvrf логотип

SUSE-SU-2018:3240-1

suse-cvrf
больше 7 лет назад

Security update for nagios

EPSS

Процентиль: 74%
0.00839
Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS2