Posted by Dawid Golunski on Dec 15

Vulnerability:
Nagios Core < 4.2.4 Root Privilege Escalation
CVE-2016-9566

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core daemon in versions below 4.2.4 was found to perform unsafe
operations when handling the log file. This could be exploited by
malicious local attackers to escalate their privileges from ‘nagios’
system user,
or from a user belonging to ‘nagios’…