CVE-2016-8641 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-8641 Interim 1 24 2024-11-18T03:28:34Z current 2021-05-30T13:46:50Z 2024-11-18T03:28:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-8641 A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-October/004743.html E-Mail link for SUSE-SU-2018:3240-1 https://lists.suse.com/pipermail/sle-security-updates/2018-November/004828.html E-Mail link for SUSE-SU-2018:3620-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYDTKTNW6AJIKWLKJSYIEMSAQGFCFOXH/#IYDTKTNW6AJIKWLKJSYIEMSAQGFCFOXH E-Mail link for openSUSE-SU-2018:3258-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Manager Client Tools 12 openSUSE Tumbleweed icinga-1.13.3-12.3.1 icinga-devel-1.13.3-12.3.1 icinga-doc-1.13.3-12.3.1 icinga-idoutils-1.13.3-12.3.1 icinga-idoutils-mysql-1.13.3-12.3.1 icinga-idoutils-oracle-1.13.3-12.3.1 icinga-idoutils-pgsql-1.13.3-12.3.1 icinga-plugins-downtimes-1.13.3-12.3.1 icinga-plugins-eventhandlers-1.13.3-12.3.1 icinga-www-1.13.3-12.3.1 icinga-www-config-1.13.3-12.3.1 monitoring-tools-1.13.3-12.3.1 nagios-3.0.6-1.25.36.3.1 nagios-4.4.6-2.5 nagios-contrib-4.4.6-2.5 nagios-devel-3.0.6-1.25.36.3.1 nagios-devel-4.4.6-2.5 nagios-theme-exfoliation-4.4.6-2.5 nagios-www-3.0.6-1.25.36.3.1 nagios-www-4.4.6-2.5 nagios-www-dch-4.4.6-2.5 icinga-1.13.3-12.3.1 as a component of SUSE Enterprise Storage 4 nagios-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-www-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA nagios-www-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA nagios-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-www-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 nagios-www-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 nagios-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-devel-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-www-3.0.6-1.25.36.3.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 icinga-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-devel-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-doc-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-mysql-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-oracle-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-pgsql-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-plugins-downtimes-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-plugins-eventhandlers-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-www-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-www-config-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 monitoring-tools-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 nagios-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-contrib-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-devel-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-theme-exfoliation-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-dch-4.4.6-2.5 as a component of openSUSE Tumbleweed A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. CVE-2016-8641 SUSE Enterprise Storage 4:icinga-1.13.3-12.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-www-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:nagios-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:nagios-www-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server 11 SP4:nagios-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server 11 SP4:nagios-www-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:nagios-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:nagios-www-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-devel-3.0.6-1.25.36.3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-www-3.0.6-1.25.36.3.1 SUSE Manager Client Tools 12:icinga-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-devel-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-doc-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-mysql-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-oracle-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-pgsql-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-plugins-downtimes-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-plugins-eventhandlers-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-www-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-www-config-1.13.3-12.3.1 SUSE Manager Client Tools 12:monitoring-tools-1.13.3-12.3.1 openSUSE Tumbleweed:nagios-4.4.6-2.5 openSUSE Tumbleweed:nagios-contrib-4.4.6-2.5 openSUSE Tumbleweed:nagios-devel-4.4.6-2.5 openSUSE Tumbleweed:nagios-theme-exfoliation-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-dch-4.4.6-2.5 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H