Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
CVSS Information
N/A
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Nagios 后置链接漏洞
Vulnerability Description
Nagios是美国程序员Ethan Galstad所研发的一套开源的系统运行状态和网络信息监控程序。该程序提供网络服务监控、主机资源监控、短信报警等功能。 Nagios 4.2.x版本中的daemon-init.in文件存在后置链接漏洞。本地攻击者可通过在文件创建之前,首先创建一个符号链接利用该漏洞提升权限。
CVSS Information
N/A
Vulnerability Type
N/A