CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%
Issue Overview:
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.
A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the “nagios” user/group) could use this flaw to elevate their privileges to root.
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Affected Packages:
nagios
Issue Correction:
Run yum update nagios to update your system.
New Packages:
i686:
nagios-devel-3.5.1-2.10.amzn1.i686
nagios-common-3.5.1-2.10.amzn1.i686
nagios-debuginfo-3.5.1-2.10.amzn1.i686
nagios-3.5.1-2.10.amzn1.i686
src:
nagios-3.5.1-2.10.amzn1.src
x86_64:
nagios-3.5.1-2.10.amzn1.x86_64
nagios-common-3.5.1-2.10.amzn1.x86_64
nagios-debuginfo-3.5.1-2.10.amzn1.x86_64
nagios-devel-3.5.1-2.10.amzn1.x86_64
Red Hat: CVE-2008-4796, CVE-2008-7313, CVE-2013-4214, CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2014-5008, CVE-2014-5009, CVE-2016-9566
Mitre: CVE-2008-4796, CVE-2008-7313, CVE-2013-4214, CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2014-5008, CVE-2014-5009, CVE-2016-9566
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | nagios-devel | < 3.5.1-2.10.amzn1 | nagios-devel-3.5.1-2.10.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios-common | < 3.5.1-2.10.amzn1 | nagios-common-3.5.1-2.10.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios-debuginfo | < 3.5.1-2.10.amzn1 | nagios-debuginfo-3.5.1-2.10.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios | < 3.5.1-2.10.amzn1 | nagios-3.5.1-2.10.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | nagios | < 3.5.1-2.10.amzn1 | nagios-3.5.1-2.10.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios-common | < 3.5.1-2.10.amzn1 | nagios-common-3.5.1-2.10.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios-debuginfo | < 3.5.1-2.10.amzn1 | nagios-debuginfo-3.5.1-2.10.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios-devel | < 3.5.1-2.10.amzn1 | nagios-devel-3.5.1-2.10.amzn1.x86_64.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%