Bug 1402869 (CVE-2016-9566) - CVE-2016-9566 nagios: Privilege escalation issue
Summary: CVE-2016-9566 nagios: Privilege escalation issue
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-9566
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20161207,repo...
Depends On: 1402870 1402871 1406780 1413480 1413481 1413482 1413483
Blocks: 1402874 1415899 1417519
TreeView+ depends on / blocked
 
Reported: 2016-12-08 14:08 UTC by Adam Mariš
Modified: 2019-06-11 11:13 UTC (History)
37 users (show)

Fixed In Version: nagios 4.2.4
Doc Type: Bug Fix
Doc Text:
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:03:52 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0211 normal SHIPPED_LIVE Important: nagios security update 2017-01-31 10:53:01 UTC
Red Hat Product Errata RHSA-2017:0212 normal SHIPPED_LIVE Important: nagios security update 2017-01-31 10:52:41 UTC
Red Hat Product Errata RHSA-2017:0213 normal SHIPPED_LIVE Important: nagios security update 2017-01-31 10:52:24 UTC
Red Hat Product Errata RHSA-2017:0214 normal SHIPPED_LIVE Important: nagios security update 2017-01-31 10:52:08 UTC
Red Hat Product Errata RHSA-2017:0258 normal SHIPPED_LIVE Important: nagios security update 2017-02-07 16:16:36 UTC
Red Hat Product Errata RHSA-2017:0259 normal SHIPPED_LIVE Important: nagios security update 2017-02-07 16:16:26 UTC

Description Adam Mariš 2016-12-08 14:08:40 UTC
An unsafe file opening/creation of logging files that can be misused for root privilege escalation was found in base/logging.c.

Upstream patch:

https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4

Comment 1 Adam Mariš 2016-12-08 14:09:13 UTC
Created nagios tracking bugs for this issue:

Affects: fedora-all [bug 1402870]
Affects: epel-all [bug 1402871]

Comment 5 Jason Shepherd 2016-12-15 04:00:35 UTC
An openshift user account is required to get access to the RHMAP Monitoring with Nagios, ref:

  https://access.redhat.com/documentation/en/red-hat-mobile-application-platform/4.2/paged/operations-guide/chapter-1-monitoring-rhmap-with-nagios#retrieving-nagios-login-credentials

Comment 7 Andrej Nemec 2016-12-21 09:02:32 UTC
References:

http://seclists.org/oss-sec/2016/q4/715

Comment 10 errata-xmlrpc 2017-01-31 05:53:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2017:0214 https://rhn.redhat.com/errata/RHSA-2017-0214.html

Comment 11 errata-xmlrpc 2017-01-31 05:55:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2017:0213 https://rhn.redhat.com/errata/RHSA-2017-0213.html

Comment 12 errata-xmlrpc 2017-01-31 05:56:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6

Via RHSA-2017:0212 https://rhn.redhat.com/errata/RHSA-2017-0212.html

Comment 13 errata-xmlrpc 2017-01-31 05:57:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7

Via RHSA-2017:0211 https://rhn.redhat.com/errata/RHSA-2017-0211.html

Comment 15 errata-xmlrpc 2017-02-07 11:16:45 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.1 for RHEL 6

Via RHSA-2017:0259 https://rhn.redhat.com/errata/RHSA-2017-0259.html

Comment 16 errata-xmlrpc 2017-02-07 11:17:48 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.1 for RHEL 7

Via RHSA-2017:0258 https://rhn.redhat.com/errata/RHSA-2017-0258.html


Note You need to log in before you can comment on or make changes to this bug.