CVE-2017-16834

Published: Nov 16, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.

Affected (1)

Products: Pnp4nagios: Pnp4nagios

Pnp4nagios

1 product

Pnp4nagios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pnp4nagios Pnp4nagios	Up to 0.6.26

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://github.com/lingej/pnp4nagios/issues/140

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201806-09

Source: cve@mitre.org

https://github.com/lingej/pnp4nagios/issues/140

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201806-09

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.