Your submission was sent successfully! Close

CVE-2016-9566

Published: 15 December 2016

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was released [3.5.1-1ubuntu1.1])
upstream Needs triage

xenial
Released (3.5.1.dfsg-2.1ubuntu1.1)
yakkety
Released (3.5.1.dfsg-2.1ubuntu3.1)
zesty
Released (3.5.1.dfsg-2.1ubuntu5)
Patches:
upstream: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4