GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Jun 24, 2018 3:26 am Post subject: [ GLSA 201806-09 ] PNP4Nagios |
|
|
Gentoo Linux Security Advisory
Title: PNP4Nagios: Root privilege escalation (GLSA 201806-09)
Severity: normal
Exploitable: local
Date: 2018-06-24
Bug(s): #637640
ID: 201806-09
Synopsis
A vulnerability in PNP4Nagios which may allow local attackers to
gain root privileges.
Background
PNP4Nagios is an addon for the Nagios Network Monitoring System.
Affected Packages
Package: net-analyzer/pnp4nagios
Vulnerable: < 0.6.26-r9
Unaffected: >= 0.6.26-r9
Architectures: All supported architectures
Description
It was found that PHP4Nagios creates files owned by an unprivileged user
that are used by root.
Impact
A local attacker could escalate privileges to root.
Workaround
There is no known workaround at this time.
Resolution
All PNP4Nagios users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=net-analyzer/pnp4nagios-0.6.26-r9"
|
References
CVE-2017-16834 |
|