PT-2018-5043 · Nagios+2 · Nagios+2

Vincent Malguy

·

Publicado

2018-08-01

·

Atualizado

2024-06-15

·

CVE-2016-8641

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions nagios version 4.2.x
Description A privilege escalation issue was found in the daemon-init.in component when creating necessary files and changing ownership. This allows a local attacker to create symbolic links before file creation, potentially escalating privileges with the ownership change.
Recommendations For nagios version 4.2.x, consider restricting access to the daemon-init.in component until a patch is available. As a temporary workaround, avoid using the daemon-init.in functionality that involves creating files and changing ownership to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

ALT-PU-2021-1161
ALT-PU-2021-1193
ALT-PU-2021-1194
CVE-2016-8641
OPENSUSE-SU-2018_3258-1
OPENSUSE-SU-2024:11073-1
SUSE-SU-2018:3240-1
SUSE-SU-2018:3620-1

Produtos afetados

Alt Linux
Suse
Nagios