CVE-2017-16834
First published: Thu Nov 16 2017(Updated: )
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PNP4Nagios | <=0.6.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16834?
CVE-2017-16834 is considered to have a high severity due to its potential for local privilege escalation.
How do I fix CVE-2017-16834?
To fix CVE-2017-16834, ensure that /usr/bin/npcd and npcd.cfg are owned by the root account and restrict access to unprivileged users.
Who is affected by CVE-2017-16834?
CVE-2017-16834 affects systems running Pnp4Nagios versions up to and including 0.6.26.
What are the potential impacts of CVE-2017-16834?
The potential impacts of CVE-2017-16834 include unauthorized local privilege escalation, allowing users to execute arbitrary code with higher privileges.
Is there a patch available for CVE-2017-16834?
There is no specific patch mentioned for CVE-2017-16834, but applying best security practices regarding file permissions can mitigate the risk.
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- agent/weakness
- agent/remedy
- agent/event
- vendor/pnp4nagios
- canonical/pnp4nagios
- version/pnp4nagios/0.6.26