A new critical bug that can gain root privilege of your system through Nagios Core has emerged online. The bug has affected the open source software by allowing a backdoor root privilege escalation to attackers.
Security researcher Dawid Golunski has identified the latest vulnerability within Nagios Core that is a popular open source software used to monitor network and infrastructure. The critical bug, coined as CVE-2016-9566, is dependent on the CVE-2016-9565 vulnerability that was identified and fixed in version 4.2.4.
“This vulnerability could be used by an attacker to escalate their privileges from Nagios user/group to root for example by creating a malicious /etc/ld.so.preload file,” Golunski writes in a blog post.
The attackers rely on initiating the hack with CVE-2016-9566 to gain root privilege escalation. Thereafter, by leveraging CVE-2016-9565, they can take the full control of the system. The bug has apparently affected all the major versions previous the newly 4.2.4 release.
Users are recommended to install Nagios 4.2.4 on their systems to prevent any hacking issues.