CVE-2016-9566

Published: 15/12/2016 | Updated: 25/12/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 726
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

base/logging.c in Nagios Core prior to 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

Vulnerable Product

nagios nagios

Vendor Advisories

Several security issues were fixed in Nagios ...
USN-3253-1 introduced a regression in Nagios ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root ...

Exploits

#!/bin/bash
#
# Source: legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
#
# Nagios Core < 4.2.4 Root Privilege Escalation PoC Exploit
# nagios-root-privesc.sh (ver 1.0)
#
# CVE-2016-9566
#
# Discovered and coded by:
#
# Dawid Golunski
# dawid[at]legalhackers.com
#
# legalhackers.com
#
# Follow https:/ ...
Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution ...

Github Repositories

Config files for my GitHub profile.

hello The root account on Linux systems provides full administrative level access to the operating system. During an assessment, you may gain a low-privileged shell on a Linux host and need to perform privilege escalation to the root account. Fully compromising the host would allow us to capture traffic and access sensitive files, which may be used to further access within the
