Bug 1402869 (CVE-2016-9566)
Summary: | CVE-2016-9566 nagios: Privilege escalation issue | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | affix, apevec, avibelli, chrisw, cvsbot-xmlrpc, gsterlin, jbalunas, jose.p.oliveira.oss, jschluet, jshepherd, julthomas, kbasil, lemenkov, lhh, linux, lpeer, markmc, mmagr, ondrejj, rbryant, rcyriac, rhs-bugs, rrajasek, sclewis, sgirijan, shawn.starr, sisharma, slong, smooge, srevivo, ssaha, s, storage-qa-internal, swilkerson, tdecacqu, tkirby, vbellur |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nagios 4.2.4 | Doc Type: | Bug Fix |
Doc Text: | A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:03:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1402870, 1402871, 1406780, 1413480, 1413481, 1413482, 1413483 | ||
Bug Blocks: | 1402874, 1415899, 1417519 |
Description
Adam Mariš
2016-12-08 14:08:40 UTC
Created nagios tracking bugs for this issue:

Affects: fedora-all [bug 1402870]
Affects: epel-all [bug 1402871]

An openshift user account is required to get access to the RHMAP Monitoring with Nagios, ref: https://access.redhat.com/documentation/en/red-hat-mobile-application-platform/4.2/paged/operations-guide/chapter-1-monitoring-rhmap-with-nagios#retrieving-nagios-login-credentials

External Reference: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

References: http://seclists.org/oss-sec/2016/q4/715

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Via RHSA-2017:0214 https://rhn.redhat.com/errata/RHSA-2017-0214.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Via RHSA-2017:0213 https://rhn.redhat.com/errata/RHSA-2017-0213.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
Via RHSA-2017:0212 https://rhn.redhat.com/errata/RHSA-2017-0212.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7
Via RHSA-2017:0211 https://rhn.redhat.com/errata/RHSA-2017-0211.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 6
Via RHSA-2017:0259 https://rhn.redhat.com/errata/RHSA-2017-0259.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 7
Via RHSA-2017:0258 https://rhn.redhat.com/errata/RHSA-2017-0258.html