Nagios 'nagios.log' File Permissions Error Lets Local Users Obtain Root Privileges
|
SecurityTracker Alert ID: 1037487 |
SecurityTracker URL: http://securitytracker.com/id/1037487
|
CVE Reference:
CVE-2016-9566
(Links to External Site)
|
Date: Dec 17 2016
|
Impact:
Modification of system information, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 4.2.4
|
Description:
A vulnerability was reported in Nagios. A local user can obtain root privileges on the target system.
The software does not drop root privileges before opening the '/usr/local/nagios/var/nagios.log' file for writing. A local user with 'nagios' user or 'nagios' group privileges can create a symbolic link (symlink) from a critical file on the target system to the log file to cause the symlinked file to be created with root privileges.
The original advisory and a demonstration exploit is available at:
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
Dawid Golunski reported this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
The vendor has issued a fix (4.2.4).
The vendor advisory is available at:
https://www.nagios.org/projects/nagios-core/history/4x/
|
Vendor URL: www.nagios.org/projects/nagios-core/history/4x/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|