CVE-2017-16834

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
pnp4nagiospnp4nagios
𝑥
≤ 0.6.26
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pnp4nagios
cosmic
dne
bionic
dne
artful
dne
zesty
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/lingej/pnp4nagios/issues/140
https://security.gentoo.org/glsa/201806-09
https://github.com/lingej/pnp4nagios/issues/140
https://security.gentoo.org/glsa/201806-09