Hi,
I read this vulnerability https://github.com/NagiosEnterprises/na ... issues/424 and I have some doubts:
Is really a significant vulnerability?
In what cases could be exploded? I think that a simple user cannot change the configuration file (only the nagios user and group can changed it)
exist any workaround?
I would like to know too the offical planned date (estimated) to solved this vulnerabilty .
Thanks.
Root privilege escalation CVE-2017-14312
-
- Posts: 43
- Joined: Wed Aug 17, 2011 9:09 am
- Location: Madrid, Spain
Re: Root privilege escalation CVE-2017-14312
It isn't an immediate threat in most deployments as it does require nagios user or group permissions to create or modify the configs to exploit this. We are planning a fix for the 5.0 release of core but a time frame isn't available. A work around is covered in https://seclists.org/oss-sec/2017/q3/474
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.