PNP4Nagios: Root privilege escalation — GLSA 201806-09

A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges.

Affected Packages

net-analyzer/pnp4nagios on all architectures
Affected versions < 0.6.26-r9
Unaffected versions >= 0.6.26-r9

Background

PNP4Nagios is an addon for the Nagios Network Monitoring System.

Description

It was found that PHP4Nagios creates files owned by an unprivileged user that are used by root.

Impact

A local attacker could escalate privileges to root.

Workaround

There is no known workaround at this time.

Resolution

All PNP4Nagios users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=net-analyzer/pnp4nagios-0.6.26-r9"
 

References

Release Date
June 24, 2018

Latest Revision
June 24, 2018: 1

Severity
normal

Exploitable
local

Bugzilla entries