vulnerability
Ubuntu: (Multiple Advisories) (CVE-2016-9566): Nagios vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Dec 15, 2016 | Apr 5, 2017 | Apr 14, 2025 |
Description
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)
Solution(s)
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.