Published: 01/08/2018 Updated: 12/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local malicious user to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nagios nagios 4.2.3
nagios nagios 4.2.2
nagios nagios 4.2.1
nagios nagios 4.2.0

A privilege escalation vulnerability was found in nagios 42x that occurs in daemon-initin when creating necessary files and insecurely changing the ownership afterwards It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change ...

Affected Product: Nagios 4 Vulnerability Type: root privilege escalation Fixed in Version: N/A Vendor Website: wwwnagioscom/ Software Link: : sourceforgenet/projects/nagios/files/latest/download?source=directory-featured Affected Version: 422 and prior Tested on: Ubuntu Remote Exploitable: No Reported to vendor: 8 ...

CWE-59 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641 https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch https://www.exploit-db.com/exploits/40774/https://security.gentoo.org/glsa/201702-26 http://www.securityfocus.com/bid/95121 https://nvd.nist.gov https://www.exploit-db.com/exploits/40774/https://access.redhat.com/security/cve/cve-2016-8641

CVE-2016-8641

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect