Your submission was sent successfully! Close

CVE-2017-14312

Published: 11 September 2017

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)

Notes

AuthorNote
mdeslaur 
this issue doesn't apply to the Debian/Ubuntu package. The
binary and config file both have appropriate permissions.

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading