An unsafe file opening/creation of logging files that can be misused for root privilege escalation was found in base/logging.c. Upstream patch: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
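A defensive pattern for this class of bug, as an added example that is not part of the original report and not the upstream Nagios patch: a privileged process opens its log file without following a symlink and without writing through a hard link. The helper name `open_log_safely`, the file names and the assumption that the risk comes from a link planted at the log path are illustrative; the report itself does not describe the mechanism.

```c
#define _GNU_SOURCE            /* exposes O_NOFOLLOW / O_CLOEXEC on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a log file for appending without following a
 * symlink at `path` and without writing through a hard link.
 * Returns a file descriptor, or -1 with errno set. */
int open_log_safely(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail (ELOOP) if the final path component is a symlink.
     * O_NONBLOCK: do not block if the path turns out to be a FIFO. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                        O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the object that was actually opened (fstat on the descriptor,
     * not stat on the path), so nothing can be swapped between check and use. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo: a regular file, then a symlink and a hard link to it. */
int main(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", real[64], sym[64], hard[64];
    if (!mkdtemp(dir))
        return 1;
    snprintf(real, sizeof real, "%s/app.log", dir);
    snprintf(sym, sizeof sym, "%s/sym.log", dir);
    snprintf(hard, sizeof hard, "%s/hard.log", dir);
    int fd = open_log_safely(real);          /* created as a regular file */
    printf("regular file: %s\n", fd >= 0 ? "opened" : "refused");
    if (fd >= 0)
        close(fd);
    if (symlink(real, sym) != 0 || link(real, hard) != 0)
        return 1;                            /* link() raises st_nlink to 2 */
    printf("symlink:      %s\n", open_log_safely(sym) < 0 ? "refused" : "opened");
    printf("hard link:    %s\n", open_log_safely(hard) < 0 ? "refused" : "opened");
    return 0;
}
```

The link-count check also refuses the original path while an extra hard link to it exists, which is the intended fail-closed behaviour for a log written by a privileged process.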
Created nagios tracking bugs for this issue: Affects: fedora-all [bug 1402870] Affects: epel-all [bug 1402871]
An OpenShift user account is required to get access to the RHMAP Monitoring with Nagios, ref: https://access.redhat.com/documentation/en/red-hat-mobile-application-platform/4.2/paged/operations-guide/chapter-1-monitoring-rhmap-with-nagios#retrieving-nagios-login-credentials
External Reference: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
References: http://seclists.org/oss-sec/2016/q4/715
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0214 https://rhn.redhat.com/errata/RHSA-2017-0214.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:0213 https://rhn.redhat.com/errata/RHSA-2017-0213.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:0212 https://rhn.redhat.com/errata/RHSA-2017-0212.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2017:0211 https://rhn.redhat.com/errata/RHSA-2017-0211.html
This issue has been addressed in the following products: Red Hat Gluster Storage 3.1 for RHEL 6 Via RHSA-2017:0259 https://rhn.redhat.com/errata/RHSA-2017-0259.html
This issue has been addressed in the following products: Red Hat Gluster Storage 3.1 for RHEL 7 Via RHSA-2017:0258 https://rhn.redhat.com/errata/RHSA-2017-0258.html