Your submission was sent successfully! Close

CVE-2016-9566

Published: 15 December 2016

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.5.1.dfsg-2.1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [3.5.1-1ubuntu1.1])
Patches:
Upstream: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4