| Name | CVE-2017-16834 |
| Description | PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pnp4nagios | source | (unstable) | (not affected) |
- pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package)
https://github.com/lingej/pnp4nagios/issues/140