PT-2017-13383 · Nagios · Nagios Core

Orlitzky · Published 2017-09-11 · Updated 2019-10-03 · CVE-2017-14312

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios Core versions prior to 4.4

Description

The issue allows local users to gain privileges by leveraging access to a non-root account that owns certain configuration files or the executable. This is possible because Nagios Core initially executes as root but supports configuration options where key files are owned by non-root accounts.

Recommendations

For Nagios Core versions prior to 4.4, consider restricting access to the configuration files and executable to prevent local users from exploiting this issue. As a temporary workaround, ensure that all files related to Nagios Core are owned by a root account to minimize the risk of exploitation.
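
One way to check the workaround above on a host, as an added example (not code from this advisory or from the Nagios project): a shell function that lists every entry under the given paths that is not owned by the expected account. It goes slightly beyond the recommendation by also flagging group- or world-writable entries, since those give a non-root account the same write access. The advisory names no file locations, so the paths are passed as arguments and the function name `audit_tree` is hypothetical.

```shell
#!/bin/sh
# Added example: ownership audit for the files of a root-started daemon.
# Usage (paths are placeholders for your own install):
#   sh audit.sh /path/to/nagios/etc /path/to/nagios/bin/nagios

# audit_tree OWNER PATH...
# Prints one line per finding and returns:
#   0 = everything under the paths is owned by OWNER and not
#       writable by group or other
#   1 = at least one finding, 2 = usage error
audit_tree() {
    owner=$1
    shift
    if [ "$#" -eq 0 ]; then
        echo "usage: audit_tree OWNER PATH..." >&2
        return 2
    fi
    findings=$(
        for p in "$@"; do
            if [ ! -e "$p" ]; then
                echo "MISSING $p"
                continue
            fi
            # Entries owned by any account other than OWNER.
            find "$p" ! -user "$owner" -print | sed 's/^/OWNER /'
            # Entries writable by group or other (symlink mode bits
            # are meaningless, so symlinks are skipped here).
            find "$p" ! -type l \( -perm -0020 -o -perm -0002 \) -print |
                sed 's/^/WRITABLE /'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# When run as a script with arguments, audit them against root.
[ "$#" -eq 0 ] || audit_tree root "$@"
```

The function only inspects the trees it is given; parent directories that a non-root account can write to allow the same files to be replaced and need the same check.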

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2017-14312

Affected Products

Nagios Core