Your submission was sent successfully! Close

CVE-2016-10089

Published: 15 February 2017

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not used)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not used])

Notes

AuthorNote
mdeslaur
Debian/Ubuntu uses a different init script

References