Page 2 of 12 results (0.003 seconds)

CVSS: 7.8EPSS: 92%CPEs: 1EXPL: 2

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a través de un ataque de symlink al archivo de inicio de sesión. NOTA: esto puede ser aprovechado por atacantes remotos usando CVE-2016-9565. A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the 'nagios' user/group) could use this flaw to elevate their privileges to root. • https://www.exploit-db.com/exploits/40921 http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/Dec/58 http://www.securityfocus.com/bid/94919 http://www.securitytracker.com/id/103748 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 26%CPEs: 1EXPL: 3

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentación Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparación de CVE-2008-4796. It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. • https://www.exploit-db.com/exploits/40920 http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 5.0EPSS: 4%CPEs: 20EXPL: 0

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. Desbordamiento de buffer basado en pila en la función cmd_submitf en cgi/cmd.c en Nagios Core, posiblemente 4.0.3rc1 y anteriores e Icinga anterior a 1.8.6, 1.9 anterior a 1.9.5 y 1.10 anterior a 1.10.3 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) a través de un mensaje largo hacia cmd.cgi. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html http://secunia.com/advisories/57024 http://www.securityfocus.com/bid/65605 https://bugzilla.redhat.com/show_bug.cgi?id=1066578 https://dev.icinga.org/issues/5434 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 39EXPL: 0

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. status.cgi en Nagios 4.0 anterior a 4.0 beta4 y 3.x anterior a 3.5.1 no restringe adecuadamente el acceso a ciertos usuarios que son un contacto para un servicio, lo que permite a usuarios remotos autenticados obtener información sensible sobre nombres de host a través del Servicegroup (1) Overview, (2) Summary o (3) Grid Style en status.cgi. NOTA: esta conducta es por diseño en la mayoría de las versiones 3.x, no obstante el fabricante "decidió cambiarlo por Nagios 4" y 3.5.1. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html http://seclists.org/oss-sec/2013/q2/619 http://seclists.org/oss-sec/2013/q2/622 http://tracker.nagios.org/view.php?id=456 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 1%CPEs: 36EXPL: 0

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. Error de superación de límite (off-by-one) en la función process_cgivars en contrib/daemonchk.c en Nagios Core 3.5.1, 4.0.2 y anteriores, permite a usuarios autenticados remotamente obtener información sensible desde procesos de memoria o causar denegación de servicio (caída) a través de cadenas largas en el valor de la última clave en la lista de variables, lo cual lanza una sobre-lectura de buffer basada en memoria dinámica. • http://secunia.com/advisories/55976 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories?name=MDVSA-2014:004 http://www.openwall.com/lists/oss-security/2013/12/24/1 http://www.securityfocus.com/bid/64489 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •