CVE-2016-9566
Nagios < 4.2.4 - Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a través de un ataque de symlink al archivo de inicio de sesión. NOTA: esto puede ser aprovechado por atacantes remotos usando CVE-2016-9565.
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-22 CVE Reserved
- 2016-12-15 CVE Published
- 2023-08-28 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Dec/58 | Mailing List |
|
| http://www.securityfocus.com/bid/94919 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037487 | Vdb Entry | |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40921 | 2024-08-06 | |
| https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4 | 2018-12-25 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0211.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0212.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0213.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0214.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0258.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0259.html | 2018-12-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1402869 | 2017-02-07 | |
| https://security.gentoo.org/glsa/201612-51 | 2018-12-25 | |
| https://security.gentoo.org/glsa/201702-26 | 2018-12-25 | |
| https://security.gentoo.org/glsa/201710-20 | 2018-12-25 | |
| https://www.nagios.org/projects/nagios-core/history/4x | 2018-12-25 | |
| https://access.redhat.com/security/cve/CVE-2016-9566 | 2017-02-07 |