vulnerability

Ubuntu: USN-3253-2: Nagios regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:N/A:C)	Jun 7, 2017	Jun 8, 2017	Feb 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:C)

Published

Jun 7, 2017

Added

Jun 8, 2017

Modified

Feb 19, 2025

Description

USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108,CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2016-9566)

Solutions

ubuntu-upgrade-nagios3-cgiubuntu-upgrade-nagios3-core

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today