GLSA Advocate
Posted: Wed Oct 18, 2017 4:26 am Post subject: [ GLSA 201710-20 ] Nagios
Gentoo Linux Security Advisory
Title: Nagios: Multiple vulnerabilities (GLSA 201710-20)
Severity: normal
Exploitable: local, remote
Date: 2017-10-18
Bug(s): #602216, #628086
ID: 201710-20
Synopsis
Multiple vulnerabilities have been found in Nagios, the worst of
which could lead to the remote execution of arbitrary code.
Background
Nagios is an open source host, service and network monitoring program.
Affected Packages
Package: net-analyzer/nagios-core
Vulnerable: < 4.3.3
Unaffected: >= 4.3.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Nagios. Please review
the referenced CVE identifiers for details.
Impact
A remote attacker could possibly escalate privileges to root, thus
allowing the execution of arbitrary code, by leveraging CVE-2016-9565.
Additionally, a local attacker could cause a Denial of Service condition
against arbitrary processes due to the improper dropping of privileges.
Workaround
There is no known workaround at this time.
Resolution
All Nagios users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.3"

References
CVE-2016-9565
CVE-2016-9566
CVE-2017-12847
Last edited by GLSA on Mon Jan 15, 2018 4:16 am; edited 1 time in total