CVE 2016-9566
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
Related bugs and status
CVE-2016-9566 (Candidate) is related to these bugs:
Bug #1686768: Restricted contacts can see servers that do not belong to them
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1686768 | Restricted contacts can see servers that do not belong to them | nagios3 (Ubuntu) | Medium | Fix Released | ||
| 1686768 | Restricted contacts can see servers that do not belong to them | nagios3 (Ubuntu Trusty) | Medium | Fix Released | ||
| 1686768 | Restricted contacts can see servers that do not belong to them | nagios3 (Ubuntu Zesty) | Medium | Fix Released | ||
| 1686768 | Restricted contacts can see servers that do not belong to them | nagios3 (Ubuntu Xenial) | Medium | Fix Released | ||
| 1686768 | Restricted contacts can see servers that do not belong to them | nagios3 (Ubuntu Yakkety) | Medium | Fix Released | ||
Bug #1690380: "Cannot open log file '/var/log/nagios3/nagios.log' for reading" error from nagios web UI when view alert history etc.
See the 
CVE page on Mitre.org
for more details.
