USN-3253-1: Nagios vulnerabilities
USN-3253-1: Nagios vulnerabilities Ubuntu Security Notice USN-3253-1 3rd April, 2017 nagios3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Nagios. Software description nagios3 – host/service/network monitoring and management system Details It was discovered that Nagios incorrectly handled certain long strings. Aremote authenticated attacker could use this issue to cause Nagios tocrash, resulting in a denial of service, or possibly obtain sensitiveinformation. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages tocmd.cgi. A remote attacker could possibly use this issue to cause Nagios tocrash, resulting in a denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled symlinks whenaccessing log files. A local attacker could possibly use this issue toelevate privileges. In the default installation of Ubuntu, this [ more… ]