Escalation Vulnerability
Posted: Wed May 09, 2018 5:19 am
Hello
This maybe something that cannot be resolved but I thought I would check - we have a Qualys scanner and it flagged an issue with Nagios Core 4.3.4
QID- 370766
Nagios Core Local Privilege Escalation Vulnerability.
Nagios Core initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
It states no fixes are available but thought I would check
Thank you
Chris
This maybe something that cannot be resolved but I thought I would check - we have a Qualys scanner and it flagged an issue with Nagios Core 4.3.4
QID- 370766
Nagios Core Local Privilege Escalation Vulnerability.
Nagios Core initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
It states no fixes are available but thought I would check
Thank you
Chris