Nagios CVE-2016-8641 Local Privilege Escalation Vulnerability

Description:  A privilege escalation vulnerability was found in nagios that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It’s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

Impact: A local attacker may exploit this issue to gain elevated root privileges on the affected system.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• http://www.securityfocus.com/bid/95121/info
• https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch
• https://bugzilla.redhat.com/show_bug.cgi?id=1394248

Recommended Posts

Press release April 2023: Situational Security Alerts from CIRT

21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts

Security Best Practices

29 Mar 2023 - Security Advisories & Alerts

Dropbox discloses breach after hacker stole 130 GitHub repositories

02 Nov 2022 - Security Advisories & Alerts