Page 2 of 33 results (0.003 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. Nagios Core en versiones anteriores a la 4.3.3 crea un archivo nagios.lock PID tras eliminar privilegios a una cuenta no-root, lo que podría permitir que usuarios locales terminen procesos arbitrarios aprovechando el acceso a esta cuenta no-root para modificar nagios.lock antes de que un script root ejecute un comando "kill `cat /pathname/nagios.lock`". • http://www.securityfocus.com/bid/100403 https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752 https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb https://github.com/NagiosEnterprises/nagioscore/issues/404 https://security.gentoo.org/glsa/201710-20 • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Nagios 4.3.2 y anteriores permite a los usuarios locales obtener privilegios root mediante un ataque de vínculo físico en el archivo de script init de Nagios. Esta vulnerabilidad está relacionada con CVE-2016-8641. • http://www.openwall.com/lists/oss-security/2016/12/30/6 http://www.securityfocus.com/bid/95171 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. La función _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una solución incompleta para CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18/2 http://www.securityfocus.com/bid/68776 https://bugzilla.redhat.com/show_bug.cgi?id=1121497 https://exchange.xforce.ibmcloud.com/vulnerabilities/94737 https://rhn.redhat.com/errata/RHSA-2017-0211.html https:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 92%CPEs: 1EXPL: 2

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a través de un ataque de symlink al archivo de inicio de sesión. NOTA: esto puede ser aprovechado por atacantes remotos usando CVE-2016-9565. A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root. • https://www.exploit-db.com/exploits/40921 http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/Dec/58 http://www.securityfocus.com/bid/94919 http://www.securitytracker.com/id/103748 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •