CVE-2016-9565 – Nagios < 4.2.2 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2016-9565
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentación Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparación de CVE-2008-4796. It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. • https://www.exploit-db.com/exploits/40920 http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVE-2014-1878
https://notcve.org/view.php?id=CVE-2014-1878
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. Desbordamiento de buffer basado en pila en la función cmd_submitf en cgi/cmd.c en Nagios Core, posiblemente 4.0.3rc1 y anteriores e Icinga anterior a 1.8.6, 1.9 anterior a 1.9.5 y 1.10 anterior a 1.10.3 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) a través de un mensaje largo hacia cmd.cgi. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html http://secunia.com/advisories/57024 http://www.securityfocus.com/bid/65605 https://bugzilla.redhat.com/show_bug.cgi?id=1066578 https://dev.icinga.org/issues/5434 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7205
https://notcve.org/view.php?id=CVE-2013-7205
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. Error de superación de límite (off-by-one) en la función process_cgivars en contrib/daemonchk.c en Nagios Core 3.5.1, 4.0.2 y anteriores, permite a usuarios autenticados remotamente obtener información sensible desde procesos de memoria o causar denegación de servicio (caída) a través de cadenas largas en el valor de la última clave en la lista de variables, lo cual lanza una sobre-lectura de buffer basada en memoria dinámica. • http://secunia.com/advisories/55976 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories?name=MDVSA-2014:004 http://www.openwall.com/lists/oss-security/2013/12/24/1 http://www.securityfocus.com/bid/64489 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7108 – Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-7108
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. Múltiples errores de superación de límite (off-by-one) en Nagios Core 3.5.1, 4.0.2 y anteriores, e Icinga anteriores a 1.8.5, 1.9 anteriores a 1.9.4 y 1.10 anteriores a 1.10.2 permite a usuarios autenticados remotamente obtener información sensible de procesos de memoria o causar denegación de servicio (caída) a través de una adena larga en el valor de la última clave en la lista de variables de la función process_cgivars en (1) avail.c, (2) cmd.c, (3) config.c, 84) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, y (11) trends.c en cgi/, lo cual lanza una sobre-lectura de buffer basado en memoria dinámica. • https://www.exploit-db.com/exploits/38882 http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html http://secunia.com/advisories/55976 http://secunia.com/advisories/56316 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories& • CWE-20: Improper Input Validation •
CVE-2013-4214 – core: html/rss-newsfeed.php insecure temporary file usage
https://notcve.org/view.php?id=CVE-2013-4214
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. rss-newsfeed.php en Nagios Core 3.4.4, 3.5.1, y anteriores versiones, cuando se establece MAGPIE_CACHE_ON en 1, permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque symlink en /tmp/magpie_cache. • http://rhn.redhat.com/errata/RHSA-2013-1526.html http://www.securityfocus.com/bid/61747 https://bugzilla.redhat.com/show_bug.cgi?id=958002 https://www.nagios.org/projects/nagios-core/history/4x https://access.redhat.com/security/cve/CVE-2013-4214 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •