1
Candidate: CVE-2017-14312
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14312
5
https://github.com/NagiosEnterprises/nagioscore/issues/424
7
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but
8
supports configuration options in which this file is owned by a non-root
9
account (and similarly can have nagios.cfg owned by a non-root account),
10
which allows local users to gain privileges by leveraging access to this
14
mdeslaur> this issue doesn't apply to the Debian/Ubuntu package. The
15
mdeslaur> binary and config file both have appropriate permissions.
22
upstream_nagios3: needs-triage
23
precise/esm_nagios3: DNE
24
trusty_nagios3: not-affected
25
vivid/ubuntu-core_nagios3: DNE
26
xenial_nagios3: not-affected
27
zesty_nagios3: not-affected
28
devel_nagios3: not-affected