(RHSA-2017:0259) Important: nagios security update

2017-02-0711:08:27

access.redhat.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.929 High

EPSS

Percentile

99.0%

JSON

Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved.

Security Fix(es):

It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the ‘nagios’ user/group) could use this flaw to elevate their privileges to root. (CVE-2016-9566)

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64nagios-debuginfo< 3.5.1-9.el6nagios-debuginfo-3.5.1-9.el6.x86_64.rpm
RedHat6x86_64nagios-common< 3.5.1-9.el6nagios-common-3.5.1-9.el6.x86_64.rpm
RedHat6x86_64nagios< 3.5.1-9.el6nagios-3.5.1-9.el6.x86_64.rpm
RedHat6x86_64nagios-devel< 3.5.1-9.el6nagios-devel-3.5.1-9.el6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	nagios-debuginfo	< 3.5.1-9.el6	nagios-debuginfo-3.5.1-9.el6.x86_64.rpm
RedHat	6	x86_64	nagios-common	< 3.5.1-9.el6	nagios-common-3.5.1-9.el6.x86_64.rpm
RedHat	6	x86_64	nagios	< 3.5.1-9.el6	nagios-3.5.1-9.el6.x86_64.rpm
RedHat	6	x86_64	nagios-devel	< 3.5.1-9.el6	nagios-devel-3.5.1-9.el6.x86_64.rpm