Vulnerability Description
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios | 4.2.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95121Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641Issue TrackingPatchThird Party Advisory
- https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cadPatchThird Party Advisory
- https://security.gentoo.org/glsa/201702-26Third Party Advisory
- https://www.exploit-db.com/exploits/40774/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/95121Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641Issue TrackingPatchThird Party Advisory
- https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cadPatchThird Party Advisory
- https://security.gentoo.org/glsa/201702-26Third Party Advisory
- https://www.exploit-db.com/exploits/40774/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-8641?
CVE-2016-8641 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local...
How severe is CVE-2016-8641?
CVE-2016-8641 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8641?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios.