Back to bug 1402869

Who When What Removed Added
Adam Mariš 2016-12-08 14:08:48 UTC Depends On 1402870
Adam Mariš 2016-12-08 14:09:00 UTC Depends On 1402871
Adam Mariš 2016-12-08 14:12:18 UTC Blocks 1402874
Siddharth Sharma 2016-12-13 17:42:08 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=new,openstack-5-rhel6/nagios=new,openstack-5-rhel7/nagios=new,openstack-6/nagios=new,openstack-7/nagios=new,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=new,openstack-5-rhel7/nagios=new,openstack-6/nagios=new,openstack-7/nagios=new,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected
Tim Suter 2016-12-15 00:17:52 UTC CC tsuter
Tim Suter 2016-12-15 00:20:58 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=new,openstack-5-rhel7/nagios=new,openstack-6/nagios=new,openstack-7/nagios=new,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected
Tim Suter 2016-12-15 00:34:30 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected
Rejy M Cyriac 2016-12-15 17:00:53 UTC CC rcyriac
Jason Shepherd 2016-12-16 03:18:46 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=new,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected
Siddharth Sharma 2016-12-16 06:25:17 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected
Siddharth Sharma 2016-12-16 07:50:37 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=wontfix/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected
Siddharth Sharma 2016-12-21 12:56:53 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=wontfix/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected
Siddharth Sharma 2016-12-21 13:03:44 UTC Depends On 1406780
Julien Thomas 2017-01-12 15:09:02 UTC CC dario.vieli
CC dario.vieli
CC julthomas
Tim Suter 2017-01-16 06:16:41 UTC Depends On 1413483
Tim Suter 2017-01-16 06:18:24 UTC Depends On 1413481
Tim Suter 2017-01-16 06:19:26 UTC Depends On 1413482
Tim Suter 2017-01-16 06:20:21 UTC Depends On 1413480
Nick Bebout 2017-01-20 21:28:40 UTC CC nb
Siddharth Sharma 2017-01-24 03:07:19 UTC Blocks 1415899
Tim Suter 2017-01-30 02:00:09 UTC Doc Text It was found that an attacker who could control logging configuration of nagios could elevate their access to a privileged user
Doc Type If docs needed, set a value Bug Fix
Summer Long 2017-01-30 02:17:17 UTC CC slong
Doc Text It was found that an attacker who could control logging configuration of nagios could elevate their access to a privileged user A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user.
Tim Suter 2017-01-30 03:48:10 UTC Blocks 1417519
Tim Suter 2017-01-31 23:07:28 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2017-01-31 18:07:28 UTC
Tim Suter 2017-01-31 23:17:53 UTC Status CLOSED ASSIGNED
Resolution ERRATA ---
Keywords Reopened
Tim Suter 2017-01-31 23:18:39 UTC Status ASSIGNED RELEASE_PENDING
Martin Prpič 2017-02-07 10:05:06 UTC Doc Text A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root.
Siddharth Sharma 2017-02-08 04:12:23 UTC Status RELEASE_PENDING NEW
Adam Young 2017-10-18 18:53:28 UTC CC ayoung
PnT Account Manager 2018-01-30 03:14:33 UTC CC coneill
PnT Account Manager 2018-01-31 00:09:06 UTC CC aortega
PnT Account Manager 2018-01-31 02:07:56 UTC CC tsuter
PnT Account Manager 2019-04-22 21:31:30 UTC CC tjay
PnT Account Manager 2019-05-31 14:22:09 UTC CC smohan
Product Security DevOps Team 2019-06-08 03:03:52 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2017-01-31 23:07:28 UTC 2019-06-08 03:03:52 UTC
Product Security DevOps Team 2019-09-29 14:02:45 UTC Whiteboard impact=important,public=20161207,reported=20161207,source=internet,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-59,rhes-3.1/nagios=affected/impact=moderate,openstack-5-rhel6/nagios=wontfix,openstack-5-rhel7/nagios=wontfix,openstack-6/nagios=wontfix,openstack-7/nagios=wontfix,rhmap-4/nagios=affected/impact=moderate/cvss2=6.6/AV:L/AC:M/Au:S/C:C/I:C/A:C,fedora-all/nagios=affected,epel-all/nagios=affected,openstack-8/nagios=notaffected,openstack-9/nagios=notaffected,openstack-10/nagios=notaffected

Back to bug 1402869