CVE-2017-14312
Gentoo Linux Security Advisory 201812-03
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
Nagios Core through version 4.3.4 initially runs /usr/sbin/nagios as root, but supports configuration options in which this file is owned by a non-root account (and, similarly, nagios.cfg can be owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
A vulnerability in Nagios allows local users to escalate privileges. Versions less than 4.3.4 are affected.
SSVC
- Decision: -
Timeline
- 2017-09-11 CVE Reserved
- 2017-09-11 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100881 | Vdb Entry | |
https://github.com/NagiosEnterprises/nagioscore/issues/424 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/201812-03 | 2019-10-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nagios | Nagios Core | <= 4.3.4 | - | Affected |