CVE-2016-8641
Published: 1 August 2018
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Notes
| Author | Note |
|---|---|
| tyhicks | Debian packaging provides its own init script |
Priority
Low
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
icinga Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
|
|
| cosmic |
Not vulnerable
|
|
| precise |
Does not exist
(precise was needs-triage)
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
nagios3 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(code not present)
|
| bionic |
Not vulnerable
(code not present)
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
(precise was not-affected [code not present])
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| yakkety |
Not vulnerable
(code not present)
|
|
| zesty |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1 |
||