CVE-2016-8641 is a vulnerability in Nagios
Published on August 1, 2018
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2016-8641 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2016-8641
Want to know whenever a new CVE is published for Nagios? stack.watch will email you.
Affected Versions
Nagios Enterprises nagios Version 4.2.x is affected by CVE-2016-8641Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.