[naemon-users] Privilege Escalation, RCE Flaws Patched in Nagios Core

Sven Nierlein Sven.Nierlein at Consol.de
Tue Dec 20 15:16:51 CET 2016

Previous message: [naemon-users] Privilege Escalation, RCE Flaws Patched in Nagios Core
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20/12/16 14:42, Greg Spath wrote:
> Because Naemon uses Thruk, and because the only users I have on my Nagios systems are trusted admins and operations people, I don't think we are vulnerable to this.  Management is bugging me, though, so can somebody chime in?
>
> http://www.securityweek.com/privilege-escalation-rce-flaws-patched-nagios-core
>

Hi,

thats right. Since there is no RSS feature in Naemon and we completely removed the CGIs in favor of Thruk this
should not apply to naemon. However, since there are a couple of issues mentioned, we should investigate at least
the logfile issue.
I will post some news on naemon.org soon.

Cheers,
 Sven

-- 
Sven Nierlein             Sven.Nierlein at consol.de
ConSol* GmbH              http://www.consol.de
Franziskanerstrasse 38    Tel.:089/45841-439
81669 Muenchen            Fax.:089/45841-111

Previous message: [naemon-users] Privilege Escalation, RCE Flaws Patched in Nagios Core
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Naemon-users mailing list