{"securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "No description provided", "modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:VULN:14434", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14434", "title": "libphp-snoopy code execution", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3248-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 02, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libphp-snoopy\r\nCVE ID : CVE-2014-5008\r\n\r\nIt was discovered that missing input saniting in Snoopy, a PHP class that\r\nsimulates a web browser may result in the execution of arbitrary\r\ncommands.\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 2.0.0-1~deb7u1.\r\n\r\nFor the stable distribution (jessie), this problem was fixed before\r\nthe initial release.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.0.0-1.\r\n\r\nWe recommend that you upgrade your libphp-snoopy packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n",
"modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:DOC:31982", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31982", "title": "[SECURITY] [DSA 3248-1] libphp-snoopy security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:49:23", "bulletinFamily": "scanner", "description": "It was discovered that missing\ninput saniting in Snoopy, a PHP class that simulates a web browser may\nresult in the execution of arbitrary commands.", "modified": "2018-04-06T00:00:00", "published": "2015-05-02T00:00:00", "id": "OPENVAS:1361412562310703248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703248", "title": "Debian Security Advisory DSA 3248-1 (libphp-snoopy - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3248.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3248-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH 
http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703248\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2014-5008\");\n script_name(\"Debian Security Advisory DSA 3248-1 (libphp-snoopy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-02 00:00:00 +0200 (Sat, 02 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3248.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: 
\"libphp-snoopy on Debian Linux\");\n script_tag(name: \"insight\", value: \"It automates the task of retrieving\nweb page content and posting forms, for example.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 2.0.0-1~deb7u1.\n\nFor the stable distribution (jessie), this problem was fixed before\nthe initial release.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that missing\ninput saniting in Snoopy, a PHP class that simulates a web browser may\nresult in the execution of arbitrary commands.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libphp-snoopy\", ver:\"2.0.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:29", "bulletinFamily": "scanner", "description": "It was discovered that missing\ninput saniting in Snoopy, a PHP class that simulates a web browser may\nresult in the execution of arbitrary commands.", "modified": "2017-07-07T00:00:00", "published": "2015-05-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703248", "id": "OPENVAS:703248", "title": "Debian Security Advisory DSA 3248-1 (libphp-snoopy - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3248.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3248-1 using nvtgen 1.0\n# Script 
version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703248);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-5008\");\n script_name(\"Debian Security Advisory DSA 3248-1 (libphp-snoopy - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-02 00:00:00 +0200 (Sat, 02 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3248.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libphp-snoopy on Debian Linux\");\n script_tag(name: \"insight\", value: \"It automates the task of retrieving\nweb page content and posting forms, for example.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 2.0.0-1~deb7u1.\n\nFor the stable distribution (jessie), this problem was fixed before\nthe initial release.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that missing\ninput saniting in Snoopy, a PHP class that simulates a web browser may\nresult in the execution of arbitrary commands.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libphp-snoopy\", ver:\"2.0.0-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:25", "bulletinFamily": "scanner", "description": "It was discovered that missing input saniting in Snoopy, a PHP class\nthat simulates a web browser may result in the execution of arbitrary\ncommands.", "modified": "2018-11-10T00:00:00", "published": "2015-05-05T00:00:00", "id": "DEBIAN_DSA-3248.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83234", "title": "Debian DSA-3248-1 : libphp-snoopy - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3248. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83234);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-5008\");\n script_bugtraq_id(68419);\n script_xref(name:\"DSA\", value:\"3248\");\n\n script_name(english:\"Debian DSA-3248-1 : libphp-snoopy - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that missing input saniting in Snoopy, a PHP class\nthat simulates a web browser may result in the execution of arbitrary\ncommands.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libphp-snoopy\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3248\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libphp-snoopy packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.0-1~deb7u1.\n\nFor the stable distribution (jessie), this problem was fixed before\nthe initial release.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-snoopy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libphp-snoopy\", reference:\"2.0.0-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:48", "bulletinFamily": "scanner", "description": "It was discovered that missing input sanitizing in Snoopy, a PHP class\nthat simulates a web browser may result in the execution of arbitrary\ncommands.\n\nFor the oldoldstable distribution (squeeze-lts), this problem has been\nfixed in version 2.0.0-1~deb6u1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\n\nNOTE: Tenable Network Security has extracted the preceding 
description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2018-07-06T00:00:00", "published": "2015-12-01T00:00:00", "id": "DEBIAN_DLA-357.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87112", "title": "Debian DLA-357-1 : libphp-snoopy security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-357-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87112);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2008-7313\", \"CVE-2014-5008\");\n script_bugtraq_id(68419, 68776);\n\n script_name(english:\"Debian DLA-357-1 : libphp-snoopy security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that missing input sanitizing in Snoopy, a PHP class\nthat simulates a web browser may result in the execution of arbitrary\ncommands.\n\nFor the oldoldstable distribution (squeeze-lts), this problem has been\nfixed in version 2.0.0-1~deb6u1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libphp-snoopy\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libphp-snoopy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-snoopy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, 
\"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libphp-snoopy\", reference:\"2.0.0-1~deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:29:15", "bulletinFamily": "scanner", "description": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c\nin Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before\n1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote\nattackers to cause a denial of service (segmentation fault) via a long\nmessage to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library\nincluded with Nagios. These flaws allowed remote attackers to execute\narbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log\nfiles. 
An attacker able to control the Nagios logging configuration\n(the 'nagios' user/group) could use this flaw to elevate their\nprivileges to root.\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when\nMAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary\nfiles via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3\nand earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara,\n(4) mediamate, (5) opendb, (6) pixelpost, and possibly other products,\nallows remote attackers to execute arbitrary commands via shell\nmetacharacters in https URLs.", "modified": "2018-04-18T00:00:00", "published": "2017-10-04T00:00:00", "id": "ALA_ALAS-2017-899.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103651", "title": "Amazon Linux AMI : nagios (ALAS-2017-899)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-899.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103651);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2008-4796\", \"CVE-2008-7313\", \"CVE-2013-4214\", \"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2014-5008\", \"CVE-2014-5009\", \"CVE-2016-9566\");\n script_xref(name:\"ALAS\", value:\"2017-899\");\n\n script_name(english:\"Amazon Linux AMI : nagios (ALAS-2017-899)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c\nin Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before\n1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote\nattackers to cause a denial of service (segmentation fault) via a long\nmessage to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library\nincluded with Nagios. These flaws allowed remote attackers to execute\narbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log\nfiles. 
An attacker able to control the Nagios logging configuration\n(the 'nagios' user/group) could use this flaw to elevate their\nprivileges to root.\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when\nMAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary\nfiles via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3\nand earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara,\n(4) mediamate, (5) opendb, (6) pixelpost, and possibly other products,\nallows remote attackers to execute arbitrary commands via shell\nmetacharacters in https URLs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-899.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nagios' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nagios-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-common-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-debuginfo-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-devel-3.5.1-2.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios / nagios-common / nagios-debuginfo / nagios-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": 
[{"lastseen": "2018-10-16T22:15:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3248-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 02, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libphp-snoopy\nCVE ID : CVE-2014-5008\n\nIt was discovered that missing input saniting in Snoopy, a PHP class that\nsimulates a web browser may result in the execution of arbitrary\ncommands.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.0-1~deb7u1.\n\nFor the stable distribution (jessie), this problem was fixed before\nthe initial release.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-05-02T14:55:17", "published": "2015-05-02T14:55:17", "id": "DEBIAN:DSA-3248-1:D3C86", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00136.html", "title": "[SECURITY] [DSA 3248-1] libphp-snoopy security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:05", "bulletinFamily": "unix", "description": "Package : libphp-snoopy\nVersion : 2.0.0-1~deb6u1\nCVE ID : CVE-2008-7313 CVE-2014-5008\nDebian Bug : 778634\n\nIt was discovered that missing input sanitizing in Snoopy, a PHP class that\nsimulates a web browser may result in the execution of arbitrary\ncommands.\n\nFor the oldoldstable distribution (squeeze-lts), this problem has been fixed\nin 
version 2.0.0-1~deb6u1.\n\nWe recommend that you upgrade your libphp-snoopy packages.\n", "modified": "2015-11-30T22:44:16", "published": "2015-11-30T22:44:16", "id": "DEBIAN:DLA-357-1:D7359", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201511/msg00018.html", "title": "[SECURITY] [DLA 357-1] libphp-snoopy security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:19", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. 
An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-06-07T02:47:59", "published": "2017-01-31T10:22:48", "id": "RHSA-2017:0212", "href": "https://access.redhat.com/errata/RHSA-2017:0212", "type": "redhat", "title": "(RHSA-2017:0212) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:31", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. 
An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:26:43", "published": "2017-01-31T10:22:48", "id": "RHSA-2017:0211", "href": "https://access.redhat.com/errata/RHSA-2017:0211", "type": "redhat", "title": "(RHSA-2017:0211) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:26", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. 
An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:27:00", "published": "2017-01-31T10:22:53", "id": "RHSA-2017:0213", "href": "https://access.redhat.com/errata/RHSA-2017:0213", "type": "redhat", "title": "(RHSA-2017:0213) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:05", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. 
An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:27:14", "published": "2017-01-31T10:22:54", "id": "RHSA-2017:0214", "href": "https://access.redhat.com/errata/RHSA-2017:0214", "type": "redhat", "title": "(RHSA-2017:0214) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:13", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log files. 
An attacker able to control the Nagios logging configuration (the \"nagios\" user/group) could use this flaw to elevate their privileges to root.\n\nOff-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.\n\n \n**Affected Packages:** \n\n\nnagios\n\n \n**Issue Correction:** \nRun _yum update nagios_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nagios-devel-3.5.1-2.10.amzn1.i686 \n nagios-common-3.5.1-2.10.amzn1.i686 \n nagios-debuginfo-3.5.1-2.10.amzn1.i686 \n nagios-3.5.1-2.10.amzn1.i686 \n \n src: \n nagios-3.5.1-2.10.amzn1.src \n \n x86_64: \n nagios-3.5.1-2.10.amzn1.x86_64 \n nagios-common-3.5.1-2.10.amzn1.x86_64 \n nagios-debuginfo-3.5.1-2.10.amzn1.x86_64 \n nagios-devel-3.5.1-2.10.amzn1.x86_64 \n \n \n", "modified": "2017-10-03T11:00:00", "published": "2017-10-03T11:00:00", "id": "ALAS-2017-899", "href": "https://alas.aws.amazon.com/ALAS-2017-899.html", "title": "Important: nagios", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}