CVE-2017-14312

Published: Sep 11, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.

Affected (1)

Products: Nagios: Nagios Core

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios Core	Up to 4.3.4

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://www.securityfocus.com/bid/100881

Source: cve@mitre.org

https://github.com/NagiosEnterprises/nagioscore/issues/424

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201812-03

Source: cve@mitre.org

http://www.securityfocus.com/bid/100881

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/NagiosEnterprises/nagioscore/issues/424

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201812-03

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.