CVE-2016-9566

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9566
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9566.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9566
Related
Published
2016-12-15T22:59:00Z
Modified
2024-10-12T02:19:09.369348Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

References

Affected packages

Git / github.com/nagiosenterprises/nagioscore

Affected ranges

Type
GIT
Repo
https://github.com/nagiosenterprises/nagioscore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.2.1

nagios-1.*

nagios-1.0a6
nagios-1.0a7
nagios-1.0b1
nagios-1.0b2
nagios-1.0b3
nagios-1.0b4
nagios-1.0b5
nagios-1.0b6

nagios-2.*

nagios-2.0
nagios-2.0.b5
nagios-2.0b1
nagios-2.0b2
nagios-2.0b3
nagios-2.0b4
nagios-2.0b6
nagios-2.0rc1

nagios-3.*

nagios-3.0
nagios-3.0.1
nagios-3.0.2
nagios-3.0.3
nagios-3.0.4
nagios-3.0.5
nagios-3.0.6
nagios-3.0a1
nagios-3.0a2
nagios-3.0a3
nagios-3.0a4
nagios-3.0a5
nagios-3.0b1
nagios-3.0b2
nagios-3.0b3
nagios-3.0b4
nagios-3.0b5
nagios-3.0b6
nagios-3.0b7
nagios-3.0rc1
nagios-3.0rc2
nagios-3.0rc3
nagios-3.1.0
nagios-3.1.1
nagios-3.1.2
nagios-3.2.0
nagios-3.2.1
nagios-3.2.2
nagios-3.2.3
nagios-3.3.1
nagios-3.4.0
nagios-3.4.1

nagios-4.*

nagios-4.0.0
nagios-4.0.0-beta1
nagios-4.0.0-beta2
nagios-4.0.0-beta3
nagios-4.0.0-beta4
nagios-4.0.1
nagios-4.0.2
nagios-4.0.2rc1
nagios-4.0.3
nagios-4.0.3rc1
nagios-4.0.4
nagios-4.0.5
nagios-4.0.6
nagios-4.0.7
nagios-4.0.8
nagios-4.0.8rc1
nagios-4.1.0
nagios-4.1.0rc2
nagios-4.1.1
nagios-4.1.2-Pre1
nagios-4.2.0
nagios-4.2.1
nagios-4.2.2
nagios-4.2.3

release-4.*

release-4.2.3