Bug 1510927 – CVE-2016-10089 nagios: Privilege escalation due to incomplete fix for CVE-2016-8641

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1510927 - (CVE-2016-10089) CVE-2016-10089 nagios: Privilege escalation due to incomplete fix for CVE-2016-8641

Summary:	CVE-2016-10089 nagios: Privilege escalation due to incomplete fix for CVE-201...

Status:	NEW

Aliases:	CVE-2016-10089

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20161230,reported=2...
Keywords:	Security

Depends On:	1510928 1510929
Blocks:	1510935
	Show dependency tree / graph

Reported:	2017-11-08 08:05 EST by Adam Mariš
Modified:	2018-02-12 04:03 EST (History)
CC List:	42 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2017-11-08 08:05:57 EST

Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.

External References:

http://www.openwall.com/lists/oss-security/2016/12/30/5

Comment 1 Adam Mariš 2017-11-08 08:06:40 EST

Created nagios tracking bugs for this issue:

Affects: epel-all [bug 1510929]
Affects: fedora-all [bug 1510928]

Comment 5 Joshua Padman 2017-11-09 18:35:18 EST

Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 9 Joshua Padman 2017-11-12 16:43:23 EST

Mitigation:

This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These protections are enabled by default in Red Hat Enterprise Linux 7 and this vulnerability will only be exploitable if disabled.
Ensure the following protections are enabled:
  sysctl -w fs.protected_hardlinks=1
  sysctl -w fs.protected_symlinks=1

Note You need to log in before you can comment on or make changes to this bug.

affix
apevec
athmanem
b.heden
chrisw
drusso
jjoyce
jmadigan
jose.p.oliveira.oss
jpadman
jschluet
jshepherd
kbasil
kpiwko
lemenkov
lgriffin
lhh
lpeer
mail
markmc
mburns
mmagr
ngough
pbraun
pwright
rbryant
rcyriac
rrajasek
sclewis
shawn.starr
sisharma
slinaber
smohan
smooge
smooge
srevivo
ssaha
s
swilkerson
tdecacqu
tjay
vbellur