Root privilege escalation CVE-2017-14312

Posted: Fri Sep 14, 2018 3:57 am
by pepe_carlos
Hi,

I read about this vulnerability https://github.com/NagiosEnterprises/na ... issues/424 and I have some doubts:

Is it really a significant vulnerability?

In what cases could it be exploited? I think that a simple user cannot change the configuration file (only the nagios user and group can change it).

Does any workaround exist?

I would also like to know the official planned (estimated) date to solve this vulnerability.

Thanks.

Re: Root privilege escalation CVE-2017-14312

Posted: Fri Sep 14, 2018 3:35 pm
by cdienger
It isn't an immediate threat in most deployments, as it does require nagios user or group permissions to create or modify the configs to exploit this. We are planning a fix for the 5.0 release of Core, but a time frame isn't available. A workaround is covered in https://seclists.org/oss-sec/2017/q3/474