CVE-2016-8641
First published: Wed Aug 01 2018(Updated: )
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios | =4.2.0 | |
| Nagios Nagios | =4.2.1 | |
| Nagios Nagios | =4.2.2 | |
| Nagios Nagios | =4.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-8641?
CVE-2016-8641 is a privilege escalation vulnerability found in Nagios version 4.2.x.
What is the severity of CVE-2016-8641?
CVE-2016-8641 has a severity value of 7.8, which is considered high.
How does CVE-2016-8641 occur?
CVE-2016-8641 occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards.
Which versions of Nagios are affected by CVE-2016-8641?
Nagios versions 4.2.0, 4.2.1, 4.2.2, and 4.2.3 are affected by CVE-2016-8641.
How can I fix CVE-2016-8641?
To fix CVE-2016-8641, you should upgrade to a version of Nagios that is not affected by the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/event
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios
- version/nagios nagios/4.2.0
- version/nagios nagios/4.2.1
- version/nagios nagios/4.2.2
- version/nagios nagios/4.2.3