{"redhat": [{"lastseen": "2018-12-11T17:43:31", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:26:43", "published": "2017-01-31T10:22:48", "id": "RHSA-2017:0211", "href": "https://access.redhat.com/errata/RHSA-2017:0211", "type": "redhat", "title": "(RHSA-2017:0211) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:26", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:27:00", "published": "2017-01-31T10:22:53", "id": "RHSA-2017:0213", "href": "https://access.redhat.com/errata/RHSA-2017:0213", "type": "redhat", "title": "(RHSA-2017:0213) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:43:19", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-06-07T02:47:59", "published": "2017-01-31T10:22:48", "id": "RHSA-2017:0212", "href": "https://access.redhat.com/errata/RHSA-2017:0212", "type": "redhat", "title": "(RHSA-2017:0212) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:05", "bulletinFamily": "unix", "description": "Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.\n\nSecurity Fix(es):\n\n* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)\n\n* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)\n\n* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)\n\nRed Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.", "modified": "2018-03-19T16:27:14", "published": "2017-01-31T10:22:54", "id": "RHSA-2017:0214", "href": "https://access.redhat.com/errata/RHSA-2017:0214", "type": "redhat", "title": "(RHSA-2017:0214) Important: nagios security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:13", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the \"nagios\" user/group) could use this flaw to elevate their privileges to root.\n\nOff-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.\n\n \n**Affected Packages:** \n\n\nnagios\n\n \n**Issue Correction:** \nRun _yum update nagios_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nagios-devel-3.5.1-2.10.amzn1.i686 \n nagios-common-3.5.1-2.10.amzn1.i686 \n nagios-debuginfo-3.5.1-2.10.amzn1.i686 \n nagios-3.5.1-2.10.amzn1.i686 \n \n src: \n nagios-3.5.1-2.10.amzn1.src \n \n x86_64: \n nagios-3.5.1-2.10.amzn1.x86_64 \n nagios-common-3.5.1-2.10.amzn1.x86_64 \n nagios-debuginfo-3.5.1-2.10.amzn1.x86_64 \n nagios-devel-3.5.1-2.10.amzn1.x86_64 \n \n \n", "modified": "2017-10-03T11:00:00", "published": "2017-10-03T11:00:00", "id": "ALAS-2017-899", "href": "https://alas.aws.amazon.com/ALAS-2017-899.html", "title": "Important: nagios", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:29:15", "bulletinFamily": "scanner", "description": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c\nin Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before\n1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote\nattackers to cause a denial of service (segmentation fault) via a long\nmessage to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library\nincluded with Nagios. These flaws allowed remote attackers to execute\narbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log\nfiles. An attacker able to control the Nagios logging configuration\n(the 'nagios' user/group) could use this flaw to elevate their\nprivileges to root.\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when\nMAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary\nfiles via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3\nand earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara,\n(4) mediamate, (5) opendb, (6) pixelpost, and possibly other products,\nallows remote attackers to execute arbitrary commands via shell\nmetacharacters in https URLs.", "modified": "2018-04-18T00:00:00", "published": "2017-10-04T00:00:00", "id": "ALA_ALAS-2017-899.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103651", "title": "Amazon Linux AMI : nagios (ALAS-2017-899)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-899.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103651);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2008-4796\", \"CVE-2008-7313\", \"CVE-2013-4214\", \"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2014-5008\", \"CVE-2014-5009\", \"CVE-2016-9566\");\n script_xref(name:\"ALAS\", value:\"2017-899\");\n\n script_name(english:\"Amazon Linux AMI : nagios (ALAS-2017-899)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c\nin Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before\n1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote\nattackers to cause a denial of service (segmentation fault) via a long\nmessage to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library\nincluded with Nagios. These flaws allowed remote attackers to execute\narbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log\nfiles. An attacker able to control the Nagios logging configuration\n(the 'nagios' user/group) could use this flaw to elevate their\nprivileges to root.\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when\nMAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary\nfiles via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3\nand earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara,\n(4) mediamate, (5) opendb, (6) pixelpost, and possibly other products,\nallows remote attackers to execute arbitrary commands via shell\nmetacharacters in https URLs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-899.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nagios' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nagios-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-common-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-debuginfo-3.5.1-2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-devel-3.5.1-2.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios / nagios-common / nagios-debuginfo / nagios-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
