SUSE CVE-2017-12847

🗓️ 15 Feb 2023 04:41:26Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Nagios Core 4.3.3 drops to non-root, creates nagios.lock, enabling local users to kill processes.

Reporter	Title	Published	Views	Family All 21
ATTACKERKB	CVE-2017-12847	23 Aug 201721:29	–	attackerkb
CNVD	Nagios Core Denial of Service Vulnerability	25 Aug 201700:00	–	cnvd
CVE	CVE-2017-12847	23 Aug 201721:00	–	cve
Cvelist	CVE-2017-12847	23 Aug 201721:00	–	cvelist
EUVD	EUVD-2017-4384	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 27 Update: nagios-4.3.4-3.fc27	15 Nov 201717:56	–	fedora
Tenable Nessus	Fedora 27 : nagios (2017-d270e932a3)	15 Jan 201800:00	–	nessus
Tenable Nessus	GLSA-201710-20 : Nagios: Multiple vulnerabilities	18 Oct 201700:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2017-12847	5 Sep 202500:00	–	nessus
Gentoo Linux	Nagios: Multiple vulnerabilities	18 Oct 201700:00	–	gentoo

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	11.3	any	nagios	3.0.6-1.25.36.6.2	nagios-3.0.6-1.25.36.6.2.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios	4.4.6-2.5	nagios-4.4.6-2.5.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-contrib	4.4.6-2.5	nagios-contrib-4.4.6-2.5.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-devel	4.4.6-2.5	nagios-devel-4.4.6-2.5.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-theme-exfoliation	4.4.6-2.5	nagios-theme-exfoliation-4.4.6-2.5.noarch.rpm
SUSE Linux Enterprise Server	11.3	any	nagios-www	3.0.6-1.25.36.6.2	nagios-www-3.0.6-1.25.36.6.2.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-www	4.4.6-2.5	nagios-www-4.4.6-2.5.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-www-dch	4.4.6-2.5	nagios-www-dch-4.4.6-2.5.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2017-12847
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1054163

07 Oct 2025 10:21Current

9.5High risk

Vulners AI Score9.5

CVSS 35.5

EPSS0.00041

Nagios Core local users lock file nagios.lock privilege escalation