CVE-2017-12847
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
AI Score
Confidence
High
6.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:C/A:C
0.001 Low
EPSS
Percentile
24.9%
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a “kill cat /pathname/nagios.lock” command.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nagios:nagios | nagios | le | 4.3.2 |
References
www.securityfocus.com/bid/100403
github.com/NagiosEnterprises/nagioscore/blob/master/Changelog
github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
github.com/NagiosEnterprises/nagioscore/issues/404
security.gentoo.org/glsa/201710-20
Related
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
AI Score
Confidence
High
6.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:C/A:C
0.001 Low
EPSS
Percentile
24.9%