A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges.
Package | net-analyzer/pnp4nagios on all architectures |
---|---|
Affected versions | < 0.6.26-r9 |
Unaffected versions | >= 0.6.26-r9 |
PNP4Nagios is an addon for the Nagios Network Monitoring System.
It was found that PHP4Nagios creates files owned by an unprivileged user that are used by root.
A local attacker could escalate privileges to root.
There is no known workaround at this time.
All PNP4Nagios users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/pnp4nagios-0.6.26-r9"
Release date
June 24, 2018
Latest revision
June 24, 2018: 1
Severity
normal
Exploitable
local
Bugzilla entries