vulnerability

Ubuntu: (Multiple Advisories) (CVE-2016-9566): Nagios vulnerabilities

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 15, 2016
Added
Apr 5, 2017
Modified
Apr 14, 2025

Description

It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)

Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)

Solution(s)

ubuntu-upgrade-nagios3-cgiubuntu-upgrade-nagios3-core
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.