{"id":"USN-3253-2","summary":"nagios3 regression","details":"USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files\nfrom being displayed in the web interface. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that Nagios incorrectly handled certain long strings. A\n remote authenticated attacker could use this issue to cause Nagios to\n crash, resulting in a denial of service, or possibly obtain sensitive\n information. (CVE-2013-7108, CVE-2013-7205)\n \n It was discovered that Nagios incorrectly handled certain long messages to\n cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to\n crash, resulting in a denial of service. (CVE-2014-1878)\n \n Dawid Golunski discovered that Nagios incorrectly handled symlinks when\n accessing log files. A local attacker could possibly use this issue to\n elevate privileges. In the default installation of Ubuntu, this should be\n prevented by the Yama link restrictions. (CVE-2016-9566)\n","modified":"2026-02-10T04:41:06Z","published":"2017-06-07T16:52:16Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3253-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1690380"}],"affected":[{"package":{"name":"nagios3","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/nagios3@3.5.1-1ubuntu1.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.1-1ubuntu1.3"}]}],"versions":["3.4.1-5ubuntu2","3.4.1-5ubuntu3","3.5.1-1ubuntu1","3.5.1-1ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.1-1ubuntu1.3","binary_name":"nagios3"},{"binary_version":"3.5.1-1ubuntu1.3","binary_name":"nagios3-cgi"},{"binary_version":"3.5.1-1ubuntu1.3","binary_name":"nagios3-common"},{"binary_version":"3.5.1-1ubuntu1.3","binary_name":"nagios3-core"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3253-2.json"}},{"package":{"name":"nagios3","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/nagios3@3.5.1.dfsg-2.1ubuntu1.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.1.dfsg-2.1ubuntu1.3"}]}],"versions":["3.5.1-1ubuntu4","3.5.1.dfsg-2ubuntu1","3.5.1.dfsg-2ubuntu2","3.5.1.dfsg-2.1ubuntu1","3.5.1.dfsg-2.1ubuntu1.1","3.5.1.dfsg-2.1ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.1.dfsg-2.1ubuntu1.3","binary_name":"nagios3"},{"binary_version":"3.5.1.dfsg-2.1ubuntu1.3","binary_name":"nagios3-cgi"},{"binary_version":"3.5.1.dfsg-2.1ubuntu1.3","binary_name":"nagios3-common"},{"binary_version":"3.5.1.dfsg-2.1ubuntu1.3","binary_name":"nagios3-core"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3253-2.json"}}],"schema_version":"1.7.3"}