CVE-2016-8641
MEDIUM severity · CVSS 6.7 · CWE-59
6.7CVSS MEDIUM
Summary
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Impact & exploitability
Attack vectorLocal
Attack complexityHigh
Privileges requiredLow
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641 ↗
Additional information
- NVD record
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641Patch
- https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patchPatch
- http://www.securityfocus.com/bid/95121Advisory
- https://security.gentoo.org/glsa/201702-26Advisory
- https://www.exploit-db.com/exploits/40774/Advisory