Wind River Support Network

HomeDefectsLIN10-1655
Not to be fixed

LIN10-1655 : Security Advisory - nagios-core - CVE-2017-12847

Created: Aug 28, 2017    Updated: Mar 14, 2019
Resolved Date: Mar 7, 2019
Found In Version: 10.17.41.1
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a kill `cat /pathname/nagios.lock` command.

https://nvd.nist.gov/vuln/detail/CVE-2017-12847
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube