Vulnerability CVE-2016-8641

Vulnerability Name:

CVE-2016-8641 (CCN-119112)

Assigned:

2016-11-08

Published:

2016-11-08

Updated:

2023-02-12

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2016-8641

Source: CCN
Type: BID-95121
Nagios CVE-2016-8641 Local Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1394248
Bug 1394248 - CVE-2016-8641 nagios: Unsafe ownership change leading to privilege escalation

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
nagios-cve20168641-symlink(119112)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Packet Storm Security [12-02-2016]
Nagios 2.x / 3.x / 4.x Local Privilege Escalation

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-18-2016]

Source: CCN
Type: Nagios Web Site
Nagios - Network, Server and Log Monitoring Software

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:nagios:nagios:4.2.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20168641	V	CVE-2016-8641	2022-06-30
oval:org.opensuse.security:def:113010	P	nagios-4.4.6-2.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:34680	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:33068	P	Security update for libvpx (Moderate)	2021-12-23
oval:org.opensuse.security:def:34611	P	Security update for bcm43xx-firmware (Important)	2021-12-13
oval:org.opensuse.security:def:106456	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:30271	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:31307	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:34572	P	Security update for python36 (Moderate)	2021-10-20
oval:org.opensuse.security:def:31269	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:30128	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32182	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:35510	P	Security update for nextcloud (Important)	2021-09-14
oval:org.opensuse.security:def:34523	P	Security update for apache2-mod_auth_mellon (Moderate)	2021-09-02
oval:org.opensuse.security:def:32981	P	Security update for fetchmail (Moderate)	2021-08-18
oval:org.opensuse.security:def:32143	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:29387	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:33928	P	Security update for qemu (Important)	2021-06-10
oval:org.opensuse.security:def:36234	P	log4net-1.2.10-1.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36192	P	libicu-32bit-4.0-7.26.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30185	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:30062	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:31140	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:28948	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:31352	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:34636	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:30025	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:34465	P	Security update for mutt (Moderate)	2021-01-22
oval:org.opensuse.security:def:32924	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:30040	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:32830	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:35554	P	ghostscript-fonts-other-8.62-32.27.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32606	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32605	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28891	P	Security update for dhcpcd (Important)	2020-12-01
oval:org.opensuse.security:def:28806	P	Security update for pam	2020-12-01
oval:org.opensuse.security:def:30631	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:28675	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:34307	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:30587	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28607	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:34218	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:30568	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:28596	P	Security update for puppet	2020-12-01
oval:org.opensuse.security:def:34161	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:30529	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28595	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:34064	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30480	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:30425	P	Security update for xorg-x11-libXv (Moderate)	2020-12-01
oval:org.opensuse.security:def:33845	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35483	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33834	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:35444	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:33833	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:35395	P	Security update for openslp (Important)	2020-12-01
oval:org.opensuse.security:def:35336	P	Security update for mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:31505	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29908	P	Security update for lha (Moderate)	2020-12-01
oval:org.opensuse.security:def:35176	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31461	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29835	P	Security update for kdebase4-runtime	2020-12-01
oval:org.opensuse.security:def:35086	P	Security update for jpeg (Low)	2020-12-01
oval:org.opensuse.security:def:31440	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:29824	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:35029	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:31401	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:28291	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:29823	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34929	P	Security update for facter (Moderate)	2020-12-01
oval:org.opensuse.security:def:28256	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34793	P	Security update for amanda (Moderate)	2020-12-01
oval:org.opensuse.security:def:27618	P	Security update for ghostscript	2020-12-01
oval:org.opensuse.security:def:34709	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27574	P	trousers-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34698	P	Security update for xorg-x11-libXv	2020-12-01
oval:org.opensuse.security:def:31053	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:27560	P	rubygem-json_pure on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34114	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:34697	P	Security update for xorg-x11-libXt	2020-12-01
oval:org.opensuse.security:def:30996	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:27521	P	novell-ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34074	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30905	P	Security update for freeradius	2020-12-01
oval:org.opensuse.security:def:27472	P	libpng-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33436	P	Security update for dbus	2020-12-01
oval:org.opensuse.security:def:30773	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:27419	P	imlib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33392	P	Security update for spacewalk	2020-12-01
oval:org.opensuse.security:def:30699	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27268	P	popt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33369	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:30688	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:27184	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33330	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30687	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:27127	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33281	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27046	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33224	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26918	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29343	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:26854	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29326	P	Security update for clamsap (Moderate)	2020-12-01
oval:org.opensuse.security:def:35359	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:26843	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29287	P	Security update for Real Time Linux kernel	2020-12-01
oval:org.opensuse.security:def:35318	P	Security update for mgetty (Moderate)	2020-12-01
oval:org.opensuse.security:def:26842	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29238	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:32695	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29184	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:32617	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29032	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:com.ubuntu.cosmic:def:201686410000000	V	CVE-2016-8641 on Ubuntu 18.10 (cosmic) - low.	2018-08-01
oval:com.ubuntu.trusty:def:20168641000	V	CVE-2016-8641 on Ubuntu 14.04 LTS (trusty) - low.	2018-08-01
oval:com.ubuntu.bionic:def:201686410000000	V	CVE-2016-8641 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-01
oval:com.ubuntu.bionic:def:20168641000	V	CVE-2016-8641 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-01
oval:com.ubuntu.xenial:def:20168641000	V	CVE-2016-8641 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-01
oval:com.ubuntu.xenial:def:201686410000000	V	CVE-2016-8641 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-01
oval:com.ubuntu.cosmic:def:20168641000	V	CVE-2016-8641 on Ubuntu 18.10 (cosmic) - low.	2018-08-01
oval:com.ubuntu.artful:def:20168641000	V	CVE-2016-8641 on Ubuntu 17.10 (artful) - low.	2016-11-23
oval:com.ubuntu.precise:def:20168641000	V	CVE-2016-8641 on Ubuntu 12.04 LTS (precise) - low.	2016-11-23

BACK