Stay Secure with the Latest Linux Advisories

security advisorygentoolocal attack

Gentoo: GLSA-201806-09 Normal: PNP4Nagios Root Privilege Escalation

A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201806-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PNP4Nagios: Root privilege escalation Date: June 24, 2018 Bugs: #637640 ID: 201806-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges. Background ========= PNP4Nagios is an addon for the Nagios Network Monitoring System. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/pnp4nagios < 0.6.26-r9 > = 0.6.26-r9 Description ========== It was found that PHP4Nagios creates files owned by an unprivileged user that are used by root. Impact ===== A local attacker could escalate privileges to root. Workaround ========= There is no known workaround at this time. Resolution ========= All PNP4Nagios users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =net-analyzer/pnp4nagios-0.6.26-r9" References ========= [ 1 ] CVE-2017-16834 https://nvd.nist.gov/vuln/detail/CVE-2017-16834 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201806-09 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should beaddressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Uncover how a PNP4Nagios flaw within Gentoo systems permits local adversaries to obtain root privileges without any currently known countermeasure.. PNP4Nagios Vulnerability, Root Escalation Threat, Gentoo Advisory, Local Attack. . LinuxSecurity.com Team

Jun 24, 2018 Gentoo