It was found that nagios daemon creates its PID file after dropping privileges, which allows to change its content by non-root user with PID of any other process, resulting into denial-of-service when daemon is stopped. Upstream bug: https://github.com/NagiosEnterprises/nagioscore/issues/404 References: http://seclists.org/oss-sec/2017/q3/305
Created nagios tracking bugs for this issue: Affects: epel-all [bug 1482480] Affects: fedora-all [bug 1482481]
There are no other processes within PID namespace for Nagios container in RHMAP. Closing as WONTFIX
This vulnerability is out of security support scope for the following product: * Red Hat Mobile Application Platform Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-12847