CVE-2016-9566
Nagios < 4.2.4 - Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a través de un ataque de symlink al archivo de inicio de sesión. NOTA: esto puede ser aprovechado por atacantes remotos usando CVE-2016-9565.
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root.
USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-22 CVE Reserved
- 2016-12-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Dec/58 | Mailing List |
|
| http://www.securityfocus.com/bid/94919 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037487 | Vdb Entry | |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40921 | 2024-08-06 | |
| https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4 | 2018-12-25 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0211.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0212.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0213.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0214.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0258.html | 2018-12-25 | |
| http://rhn.redhat.com/errata/RHSA-2017-0259.html | 2018-12-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1402869 | 2017-02-07 | |
| https://security.gentoo.org/glsa/201612-51 | 2018-12-25 | |
| https://security.gentoo.org/glsa/201702-26 | 2018-12-25 | |
| https://security.gentoo.org/glsa/201710-20 | 2018-12-25 | |
| https://www.nagios.org/projects/nagios-core/history/4x | 2018-12-25 | |
| https://access.redhat.com/security/cve/CVE-2016-9566 | 2017-02-07 |