Lucene search

[email protected]NVD:CVE-2016-8641

HistoryAug 01, 2018 - 2:29 p.m.

CVE-2016-8641

2018-08-0114:29:00

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

15.9%

JSON

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It’s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

Affected configurations

Nvd

Node

nagiosnagiosMatch4.2.0

nagiosnagiosMatch4.2.1

nagiosnagiosMatch4.2.2

nagiosnagiosMatch4.2.3

VendorProductVersionCPE
nagiosnagios4.2.0cpe:2.3:a:nagios:nagios:4.2.0:*:*:*:*:*:*:*
nagiosnagios4.2.1cpe:2.3:a:nagios:nagios:4.2.1:*:*:*:*:*:*:*
nagiosnagios4.2.2cpe:2.3:a:nagios:nagios:4.2.2:*:*:*:*:*:*:*
nagiosnagios4.2.3cpe:2.3:a:nagios:nagios:4.2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nagios	nagios	4.2.0	cpe:2.3:a:nagios:nagios:4.2.0:::::::*
nagios	nagios	4.2.1	cpe:2.3:a:nagios:nagios:4.2.1:::::::*
nagios	nagios	4.2.2	cpe:2.3:a:nagios:nagios:4.2.2:::::::*
nagios	nagios	4.2.3	cpe:2.3:a:nagios:nagios:4.2.3:::::::*