






















Insecure Permissions vulnerability in Nagios Network Analyzer v.2024R1.02-64 and before allows a local attacker to escalate privileges via the remove_source.sh component. Nagios Network Analyzer VM's default setup grants the "nna" user sudo permissions to execute specific scripts. These permissions can be exploited to alter script behaviors, enabling a Privilege Escalation Attack. Thus, even with/without password changes, a normal user can escalate to Superuser (root), gaining full system control through the misuse of sudo rights. Affected Component: /usr/local/nagiosna/scripts/remove_source.sh Confirmation by the Vendor: https://www.nagios.com/changelog/#network-analyzer
https://github.com/sartlabs/0days/tree/main/Nagios%20Network%20Analyzer
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。