Hello
This maybe something that cannot be resolved but I thought I would check - we have a Qualys scanner and it flagged an issue with Nagios Core 4.3.4
QID- 370766
Nagios Core Local Privilege Escalation Vulnerability.
Nagios Core initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
It states no fixes are available but thought I would check
Thank you
Chris
Escalation Vulnerability
Re: Escalation Vulnerability
The latest release is 4.3.4 so there is not a published fix available. When it is, the changelog will reflect it here: https://github.com/NagiosEnterprises/na ... /Changelog
Former Nagios employee
Re: Escalation Vulnerability
Thank you - do you know if this issue is resolved in Nagios XI
Re: Escalation Vulnerability
As Nagios XI runs Nagios Core under the hood, it would still be affected, yes.
Former Nagios employee