High severity7.8NVD Advisory· Published Dec 15, 2016· Updated Jun 17, 2026
CVE-2016-9566
CVE-2016-9566
Description
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22- Range: <4.2.4
- osv-coords20 versionspkg:rpm/opensuse/nagios&distro=openSUSE%20Tumbleweedpkg:rpm/suse/grafana-ha-cluster-dashboards&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana-ha-cluster-dashboards&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/grafana-sap-netweaver-dashboards&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana-sap-netweaver-dashboards&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/grafana-sap-providers&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana-sap-providers&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/hwdata&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/icinga&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/icinga&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/sysuser-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/sysuser-tools&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/zeromq&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/zeromq&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/zeromq&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/zeromq&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/zeromq&distro=SUSE%20Manager%20Client%20Tools%2012-BETA
< 4.4.6-2.5+ 19 more
- (no CPE)range: < 4.4.6-2.5
- (no CPE)range: < 1.1.0+git.1605027022.a84d536-1.10.1
- (no CPE)range: < 1.1.0+git.1605027022.a84d536-1.10.1
- (no CPE)range: < 1.0.3+git.1601889366.9f71957-1.10.1
- (no CPE)range: < 1.0.3+git.1601889366.9f71957-1.10.1
- (no CPE)range: < 1.1-1.7.1
- (no CPE)range: < 1.1-1.7.1
- (no CPE)range: < 0.314-10.14.1
- (no CPE)range: < 1.13.3-12.6.1
- (no CPE)range: < 1.13.3-12.8.1
- (no CPE)range: < 2.0-1.9.1
- (no CPE)range: < 2.0-1.9.1
- (no CPE)range: < 2.0-1.9.1
- (no CPE)range: < 2.0-1.9.1
- (no CPE)range: < 2.0-1.9.1
- (no CPE)range: < 4.0.4-15.8.1
- (no CPE)range: < 4.0.4-15.8.1
- (no CPE)range: < 4.0.4-15.8.1
- (no CPE)range: < 4.0.4-15.8.1
- (no CPE)range: < 4.0.4-15.8.1
Patches
Vulnerability mechanics
References
18- github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4nvdIssue TrackingPatch
- legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.htmlnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2016/Dec/58nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/94919nvdThird Party AdvisoryVDB Entry
- www.nagios.org/projects/nagios-core/history/4x/nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- rhn.redhat.com/errata/RHSA-2017-0211.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0212.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0213.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0214.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0258.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0259.htmlnvd
- www.securitytracker.com/id/1037487nvd
- lists.debian.org/debian-lts-announce/2018/12/msg00014.htmlnvd
- security.gentoo.org/glsa/201612-51nvd
- security.gentoo.org/glsa/201702-26nvd
- security.gentoo.org/glsa/201710-20nvd
- www.exploit-db.com/exploits/40921/nvd
News mentions
0No linked articles in our index yet.