[naemon-users] Privilege Escalation, RCE Flaws Patched in Nagios Core

Sven Nierlein Sven.Nierlein at Consol.de
Tue Dec 20 15:16:51 CET 2016

On 20/12/16 14:42, Greg Spath wrote:
> Because Naemon uses Thruk, and because the only users I have on my Nagios systems are trusted admins and operations people, I don't think we are vulnerable to this.  Management is bugging me, though, so can somebody chime in?
> http://www.securityweek.com/privilege-escalation-rce-flaws-patched-nagios-core


thats right. Since there is no RSS feature in Naemon and we completely removed the CGIs in favor of Thruk this
should not apply to naemon. However, since there are a couple of issues mentioned, we should investigate at least
the logfile issue.
I will post some news on naemon.org soon.


Sven Nierlein             Sven.Nierlein at consol.de
ConSol* GmbH              http://www.consol.de
Franziskanerstrasse 38    Tel.:089/45841-439
81669 Muenchen            Fax.:089/45841-111

More information about the Naemon-users mailing list