Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-14312

Published: 11 September 2017

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.

Notes

AuthorNote
mdeslaur 
this issue doesn't apply to the Debian/Ubuntu package. The
binary and config file both have appropriate permissions.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

xenial Not vulnerable

zesty Not vulnerable

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading