CVE-2017-16834

EUVD-2017-8008
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
pnp4nagiospnp4nagios
𝑥
≤ 0.6.26
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pnp4nagios
artful
dne
bionic
dne
cosmic
dne
trusty
dne
xenial
dne
zesty
dne
Common Weakness Enumeration
References
https://github.com/lingej/pnp4nagios/issues/140
https://security.gentoo.org/glsa/201806-09
https://github.com/lingej/pnp4nagios/issues/140
https://security.gentoo.org/glsa/201806-09