Vulnerability Description
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios | <= 4.2.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2017-0211.html
- http://rhn.redhat.com/errata/RHSA-2017-0212.html
- http://rhn.redhat.com/errata/RHSA-2017-0213.html
- http://rhn.redhat.com/errata/RHSA-2017-0214.html
- http://rhn.redhat.com/errata/RHSA-2017-0258.html
- http://rhn.redhat.com/errata/RHSA-2017-0259.html
- http://seclists.org/fulldisclosure/2016/Dec/58 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/94919 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1037487
- https://bugzilla.redhat.com/show_bug.cgi?id=1402869 (Issue Tracking)
- https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b (Issue Tracking, Patch)
- https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.ht (Exploit, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://security.gentoo.org/glsa/201612-51
- https://security.gentoo.org/glsa/201702-26
FAQ
What is CVE-2016-9566?
CVE-2016-9566 is a vulnerability with a CVSS score of 7.8 (HIGH). base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged b...
How severe is CVE-2016-9566?
CVE-2016-9566 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9566?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios.