CVE-2016-9566

Published: 07 Dec 2016
Source: redhat
CVSS3: 7.3
CVSS2: 6.9
EPSS: Medium

Description

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nagios | Affected | | |
| Red Hat OpenStack Platform 10 (Newton) | nagios | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | nagios | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) | nagios | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | nagios | Fixed | RHSA-2017:0212 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | nagios | Fixed | RHSA-2017:0211 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | nagios | Fixed | RHSA-2017:0213 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | nagios | Fixed | RHSA-2017:0214 | 31.01.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | nagios | Fixed | RHSA-2017:0259 | 07.02.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | nagios | Fixed | RHSA-2017:0258 | 07.02.2017 |

Additional information

Status: Important
Defect: CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1402869 (nagios: Privilege escalation issue)

EPSS

Percentile: 93%
0.115 (Medium)

CVSS3: 7.3 High
CVSS2: 6.9 Medium

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 9 years ago

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

CVSS3: 7.8
nvd
about 9 years ago

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

CVSS3: 7.8
debian
about 9 years ago

base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...

CVSS3: 7.8
github
more than 3 years ago

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

suse-cvrf
about 9 years ago

Security update for icinga
