Joined: 12 May 2004
|Posted: Wed Oct 18, 2017 4:26 am Post subject: [ GLSA 201710-20 ] Nagios
|Gentoo Linux Security Advisory
Title: Nagios: Multiple vulnerabilities (GLSA 201710-20)
Exploitable: local, remote
Bug(s): #602216, #628086
Multiple vulnerabilities have been found in Nagios, the worst of
which could lead to the remote execution of arbitrary code.
Nagios is an open source host, service and network monitoring program.
Vulnerable: < 4.3.3
Unaffected: >= 4.3.3
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Nagios. Please review
the referenced CVE identifiers for details.
A remote attacker could possibly escalate privileges to root, thus
allowing the execution of arbitrary code, by leveraging CVE-2016-9565.
Additionally, a local attacker could cause a Denial of Service condition
against arbitrary processes due to the improper dropping of privileges.
There is no known workaround at this time.
All Nagios users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.3"