ID FEDORA:6D6832123E Type fedora Reporter Fedora Modified 2012-02-21T01:32:04
Description
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. The plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.
{"id": "FEDORA:6D6832123E", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 16 Update: nagios-3.3.1-3.fc16", "description": "Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. The plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package. ", "published": "2012-02-21T01:32:04", "modified": "2012-02-21T01:32:04", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "lastseen": "2020-12-21T08:17:50", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2179", "CVE-2011-1523"]}, {"type": "ubuntu", "idList": ["USN-1151-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863738", "OPENVAS:840682", "OPENVAS:865233", "OPENVAS:863986", "OPENVAS:863738", "OPENVAS:1361412562310863986", "OPENVAS:1361412562310840682", "OPENVAS:1361412562310865233", "OPENVAS:1361412562310801865", "OPENVAS:1361412562310103117"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11739"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-50.NASL", "FEDORA_2012-1592.NASL", "SUSE_11_4_NAGIOS-110706.NASL", "SUSE_11_NAGIOS-110706.NASL", "SUSE_NAGIOS-7624.NASL", "FEDORA_2012-1583.NASL", "SUSE_NAGIOS-7625.NASL", "SUSE_11_3_NAGIOS-110706.NASL", "UBUNTU_USN-1151-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:B6B1F209F4", "FEDORA:319DB21462"]}, {"type": "amazon", "idList": ["ALAS-2012-050"]}, {"type": "exploitdb", "idList": ["EDB-ID:35818"]}], "modified": "2020-12-21T08:17:50", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-12-21T08:17:50", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "16", "arch": "any", "packageName": "nagios", "packageVersion": "3.3.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T19:39:06", "description": "Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.", "edition": 5, "cvss3": {}, "published": "2011-05-03T19:55:00", "title": "CVE-2011-1523", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1523"], "modified": "2011-09-22T03:30:00", "cpe": ["cpe:/a:nagios:nagios:1.0_b2", "cpe:/a:nagios:nagios:2.4", "cpe:/a:nagios:nagios:3.1.0", "cpe:/a:nagios:nagios:2.0rc2", "cpe:/a:nagios:nagios:3.0.4", "cpe:/a:nagios:nagios:2.3.1", "cpe:/a:nagios:nagios:2.7", "cpe:/a:nagios:nagios:1.0", "cpe:/a:nagios:nagios:1.0_b1", "cpe:/a:nagios:nagios:2.0", "cpe:/a:nagios:nagios:2.0b2", "cpe:/a:nagios:nagios:3.1.1", "cpe:/a:nagios:nagios:3.0.3", "cpe:/a:nagios:nagios:2.1", "cpe:/a:nagios:nagios:2.9", "cpe:/a:nagios:nagios:1.0b3", "cpe:/a:nagios:nagios:1.3", "cpe:/a:nagios:nagios:3.0.6", "cpe:/a:nagios:nagios:3.2.1", "cpe:/a:nagios:nagios:3.0", "cpe:/a:nagios:nagios:2.0b5", "cpe:/a:nagios:nagios:1.2", "cpe:/a:nagios:nagios:3.2.0", "cpe:/a:nagios:nagios:1.0b5", "cpe:/a:nagios:nagios:1.0b6", "cpe:/a:nagios:nagios:1.0_b3", "cpe:/a:nagios:nagios:3.0.5", "cpe:/a:nagios:nagios:2.11", "cpe:/a:nagios:nagios:2.3", "cpe:/a:nagios:nagios:2.0b3", "cpe:/a:nagios:nagios:1.0b2", "cpe:/a:nagios:nagios:3.0.2", "cpe:/a:nagios:nagios:2.0rc1", "cpe:/a:nagios:nagios:2.0b4", "cpe:/a:nagios:nagios:2.10", "cpe:/a:nagios:nagios:2.5", "cpe:/a:nagios:nagios:2.0b6", "cpe:/a:nagios:nagios:2.8", "cpe:/a:nagios:nagios:3.0.1", "cpe:/a:nagios:nagios:3.1.2", "cpe:/a:nagios:nagios:1.0b4", "cpe:/a:nagios:nagios:2.2", "cpe:/a:nagios:nagios:1.1", "cpe:/a:nagios:nagios:3.2.2", "cpe:/a:nagios:nagios:2.0b1", "cpe:/a:nagios:nagios:3.2.3", "cpe:/a:nagios:nagios:1.0b1", "cpe:/a:nagios:nagios:1.4", "cpe:/a:nagios:nagios:1.4.1"], "id": "CVE-2011-1523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1523", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:07", "description": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.", "edition": 5, "cvss3": {}, "published": "2011-06-14T17:55:00", "title": "CVE-2011-2179", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2179"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:icinga:icinga:1.0.3", "cpe:/a:icinga:icinga:0.8.3", "cpe:/a:icinga:icinga:1.0.1", "cpe:/a:icinga:icinga:0.8.2", "cpe:/a:icinga:icinga:1.3.0", "cpe:/a:icinga:icinga:1.2.0", "cpe:/a:icinga:icinga:0.8.1", "cpe:/a:icinga:icinga:0.8.4", "cpe:/a:icinga:icinga:1.0.2", "cpe:/a:icinga:icinga:1.3.1", "cpe:/a:icinga:icinga:0.8.0", "cpe:/a:nagios:nagios:3.2.3", "cpe:/a:icinga:icinga:1.4.0", "cpe:/a:icinga:icinga:1.2.1", "cpe:/a:icinga:icinga:1.0"], "id": "CVE-2011-2179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2179", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:37:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Stefan Schurtz discovered than Nagios did not properly sanitize its input \nwhen processing certain requests, resulting in cross-site scripting (XSS) \nvulnerabilities. With cross-site scripting vulnerabilities, if a user were \ntricked into viewing server output during a crafted server request, a \nremote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain.", "edition": 5, "modified": "2011-06-15T00:00:00", "published": "2011-06-15T00:00:00", "id": "USN-1151-1", "href": "https://ubuntu.com/security/notices/USN-1151-1", "title": "Nagios vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2018-01-06T13:07:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Check for the Version of nagios", "modified": "2018-01-05T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863986", "href": "http://plugins.openvas.org/nasl.php?oid=863986", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2012-1592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2012-1592\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network. It has the ability to send email or page alerts when a\n problem arises and when a problem is resolved. Nagios is written\n in C and is designed to run under Linux (and some other *NIX\n variants) as a background process, intermittently running checks\n on various services that you specify.\n\n The actual service checks are performed by separate "plugin" programs\n which return the status of the checks to Nagios. The plugins are\n available at <A HREF= &qt http://sourceforge.net/projects/nagiosplug. &qt >http://sourceforge.net/projects/nagiosplug.</A>\n\n This package provides the core program, web interface, and documentation\n files for Nagios. Development files are built as a separate package.\";\n\ntag_affected = \"nagios on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073499.html\");\n script_id(863986);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:48:57 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-1592\");\n script_name(\"Fedora Update for nagios FEDORA-2012-1592\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nagios\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.3.1~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-03T10:57:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Check for the Version of nagios", "modified": "2018-01-03T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:863738", "href": "http://plugins.openvas.org/nasl.php?oid=863738", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2012-1583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2012-1583\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network. It has the ability to send email or page alerts when a\n problem arises and when a problem is resolved. Nagios is written\n in C and is designed to run under Linux (and some other *NIX\n variants) as a background process, intermittently running checks\n on various services that you specify.\n\n The actual service checks are performed by separate "plugin" programs\n which return the status of the checks to Nagios. The plugins are\n available at <A HREF= &qt http://sourceforge.net/projects/nagiosplug. &qt >http://sourceforge.net/projects/nagiosplug.</A>\n\n This package provides the core program, web interface, and documentation\n files for Nagios. Development files are built as a separate package.\";\n\ntag_affected = \"nagios on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073498.html\");\n script_id(863738);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:54:45 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-1583\");\n script_name(\"Fedora Update for nagios FEDORA-2012-1583\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nagios\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL){\n exit(0);\n}\nif(release == \"FC15\")\n{\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.3.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:26:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1151-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:840682", "href": "http://plugins.openvas.org/nasl.php?oid=840682", "type": "openvas", "title": "Ubuntu Update for nagios3 USN-1151-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1151_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for nagios3 USN-1151-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Schurtz discovered than Nagios did not properly sanitize its input\n when processing certain requests, resulting in cross-site scripting (XSS)\n vulnerabilities. With cross-site scripting vulnerabilities, if a user were\n tricked into viewing server output during a crafted server request, a\n remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1151-1\";\ntag_affected = \"nagios3 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1151-1/\");\n script_id(840682);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1151-1\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_name(\"Ubuntu Update for nagios3 USN-1151-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.1-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.0-4ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310863738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863738", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2012-1583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2012-1583\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073498.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863738\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:54:45 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-1583\");\n script_name(\"Fedora Update for nagios FEDORA-2012-1583\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nagios'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"nagios on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.3.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863986", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2012-1592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2012-1592\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073499.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863986\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:48:57 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-1592\");\n script_name(\"Fedora Update for nagios FEDORA-2012-1592\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nagios'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"nagios on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.3.1~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1151-1", "modified": "2019-03-13T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:1361412562310840682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840682", "type": "openvas", "title": "Ubuntu Update for nagios3 USN-1151-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1151_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for nagios3 USN-1151-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1151-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840682\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1151-1\");\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_name(\"Ubuntu Update for nagios3 USN-1151-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1151-1\");\n script_tag(name:\"affected\", value:\"nagios3 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Stefan Schurtz discovered than Nagios did not properly sanitize its input\n when processing certain requests, resulting in cross-site scripting (XSS)\n vulnerabilities. With cross-site scripting vulnerabilities, if a user were\n tricked into viewing server output during a crafted server request, a\n remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.1-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.0-4ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.2.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-23T13:10:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2012-6096", "CVE-2011-2179"], "description": "Check for the Version of nagios", "modified": "2018-01-23T00:00:00", "published": "2013-01-24T00:00:00", "id": "OPENVAS:865233", "href": "http://plugins.openvas.org/nasl.php?oid=865233", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2013-0752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2013-0752\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network. It has the ability to send email or page alerts when a\n problem arises and when a problem is resolved. Nagios is written\n in C and is designed to run under Linux (and some other *NIX\n variants) as a background process, intermittently running checks\n on various services that you specify.\n\n The actual service checks are performed by separate "plugin" programs\n which return the status of the checks to Nagios. The plugins are\n available at http://sourceforge.net/projects/nagiosplug.\n\n This package provides the core program, web interface, and documentation\n files for Nagios. Development files are built as a separate package.\";\n\n\ntag_affected = \"nagios on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097249.html\");\n script_id(865233);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:14 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2012-6096\", \"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0752\");\n script_name(\"Fedora Update for nagios FEDORA-2013-0752\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nagios\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.4.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2012-6096", "CVE-2011-2179"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-01-24T00:00:00", "id": "OPENVAS:1361412562310865233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865233", "type": "openvas", "title": "Fedora Update for nagios FEDORA-2013-0752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios FEDORA-2013-0752\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097249.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865233\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:25:14 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2012-6096\", \"CVE-2011-1523\", \"CVE-2011-2179\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0752\");\n script_name(\"Fedora Update for nagios FEDORA-2013-0752\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nagios'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"nagios on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.4.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-27T19:22:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "description": "Nagios prone to a cross-site scripting vulnerability because it fails\nto properly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code\nin the browser of an unsuspecting user in the context of the affected\nsite. This may allow the attacker to steal cookie-based authentication\ncredentials and to launch other attacks.", "modified": "2020-04-23T00:00:00", "published": "2011-03-11T00:00:00", "id": "OPENVAS:1361412562310103117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103117", "type": "openvas", "title": "Nagios 'layer' Parameter Cross-Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nagios 'layer' Parameter Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nagios:nagios\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103117\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-11 13:29:22 +0100 (Fri, 11 Mar 2011)\");\n script_cve_id(\"CVE-2011-1523\");\n script_bugtraq_id(46826);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"Nagios 'layer' Parameter Cross-Site Scripting Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/46826\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"nagios_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"nagios/installed\");\n\n script_tag(name:\"summary\", value:\"Nagios prone to a cross-site scripting vulnerability because it fails\nto properly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code\nin the browser of an unsuspecting user in the context of the affected\nsite. This may allow the attacker to steal cookie-based authentication\ncredentials and to launch other attacks.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE))exit(0);\n\nif(!vers = get_app_version(cpe:CPE, port:port))\n exit(0);\n\nif(version_in_range(version: vers, test_version:\"3.2\",test_version2:\"3.2.4\")) {\n report = report_fixed_ver(installed_version:vers, vulnerable_range:\"3.2 - 3.2.4\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-12T17:32:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "description": "This host is running Nagios and is prone to cross site scripting\nvulnerability.", "modified": "2020-05-08T00:00:00", "published": "2011-03-16T00:00:00", "id": "OPENVAS:1361412562310801865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801865", "type": "openvas", "title": "Nagios 'layer' Cross-Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nagios 'layer' Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nagios:nagios\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801865\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)\");\n script_bugtraq_id(46826);\n script_cve_id(\"CVE-2011-1523\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"Nagios 'layer' Cross-Site Scripting Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/43287\");\n script_xref(name:\"URL\", value:\"http://tracker.nagios.org/view.php?id=207\");\n script_xref(name:\"URL\", value:\"http://www.rul3z.de/advisories/SSCHADV2011-002.txt\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.org/files/view/99164/SSCHADV2011-002.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"nagios_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"nagios/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary\nHTML and script code in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"Nagios versions 3.2.3 and prior.\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by improper validation of user-supplied input\npassed via the 'layer' parameter to cgi-bin/statusmap.cgi, which allows\nattackers to execute arbitrary HTML and script code on the web server.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Nagios version 3.3.1 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Nagios and is prone to cross site scripting\nvulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif (!port = get_app_port(cpe:CPE))\n exit(0);\n\nif (dir = get_app_location(cpe:CPE, port:port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/cgi-bin/statusmap.cgi?layer=%27%20onmouseover=%22alert\" +\n \"(%27vt-xss-test%27)%22\";\n\nif (http_vuln_check(port:port, url:url, check_header: TRUE, pattern:\"alert\\('vt-xss-test'\\)\")) {\n report = http_report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2011-06-19T00:00:00", "published": "2011-06-19T00:00:00", "id": "SECURITYVULNS:VULN:11739", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11739", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-01T06:35:09", "description": "Stefan Schurtz discovered than Nagios did not properly sanitize its\ninput when processing certain requests, resulting in cross-site\nscripting (XSS) vulnerabilities. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-16T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : nagios3 vulnerabilities (USN-1151-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1151-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1151-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55163);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n script_bugtraq_id(46826, 48087);\n script_xref(name:\"USN\", value:\"1151-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : nagios3 vulnerabilities (USN-1151-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Schurtz discovered than Nagios did not properly sanitize its\ninput when processing certain requests, resulting in cross-site\nscripting (XSS) vulnerabilities. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1151-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios3-cgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.2.0-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"nagios3-cgi\", pkgver:\"3.2.1-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.2.3-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios3-cgi\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:36:38", "description": "statusmap.cgi and config.cgi were prone to cross-site scripting (XSS)\nvulnerabilities (CVE-2011-1523, CVE-2011-2179).", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : nagios (openSUSE-SU-2011:0836-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:nagios-debugsource", "p-cpe:/a:novell:opensuse:nagios-www", "p-cpe:/a:novell:opensuse:nagios", "p-cpe:/a:novell:opensuse:nagios-debuginfo", "p-cpe:/a:novell:opensuse:nagios-devel"], "id": "SUSE_11_4_NAGIOS-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/75971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nagios-4839.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75971);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1523\", \"CVE-2011-2179\");\n\n script_name(english:\"openSUSE Security Update : nagios (openSUSE-SU-2011:0836-1)\");\n script_summary(english:\"Check for the nagios-4839 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"statusmap.cgi and config.cgi were prone to cross-site scripting (XSS)\nvulnerabilities (CVE-2011-1523, CVE-2011-2179).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nagios-3.2.3-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nagios-debuginfo-3.2.3-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nagios-debugsource-3.2.3-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nagios-devel-3.2.3-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nagios-www-3.2.3-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios / nagios-devel / nagios-www / nagios-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:07:57", "description": "statusmap.cgi was prone to a cross-site scripting (XSS) vulnerability\n(CVE-2011-1523).", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : nagios (openSUSE-SU-2011:0833-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nagios-www", "p-cpe:/a:novell:opensuse:nagios", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:nagios-devel"], "id": "SUSE_11_3_NAGIOS-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/75676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nagios-4838.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75676);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1523\");\n\n script_name(english:\"openSUSE Security Update : nagios (openSUSE-SU-2011:0833-1)\");\n script_summary(english:\"Check for the nagios-4838 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"statusmap.cgi was prone to a cross-site scripting (XSS) vulnerability\n(CVE-2011-1523).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nagios-3.2.1-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nagios-devel-3.2.1-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nagios-www-3.2.1-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios / nagios-devel / nagios-www\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:17:37", "description": "This update fixes and issue where statusmap.cgi was prone to a\ncross-site scripting (XSS) vulnerability. (CVE-2011-1523)", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : nagios (ZYPP Patch Number 7625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "modified": "2011-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NAGIOS-7625.NASL", "href": "https://www.tenable.com/plugins/nessus/57229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57229);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1523\");\n\n script_name(english:\"SuSE 10 Security Update : nagios (ZYPP Patch Number 7625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes and issue where statusmap.cgi was prone to a\ncross-site scripting (XSS) vulnerability. (CVE-2011-1523)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1523.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7625.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nagios-2.6-13.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nagios-www-2.6-13.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:41:44", "description": "statusmap.cgi was prone to a cross-site scripting (XSS) vulnerability.\n(CVE-2011-1523)", "edition": 21, "published": "2011-07-12T00:00:00", "title": "SuSE 11.1 Security Update : nagios (SAT Patch Number 4849)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "modified": "2011-07-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:nagios", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:nagios-www"], "id": "SUSE_11_NAGIOS-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/55565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55565);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1523\");\n\n script_name(english:\"SuSE 11.1 Security Update : nagios (SAT Patch Number 4849)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"statusmap.cgi was prone to a cross-site scripting (XSS) vulnerability.\n(CVE-2011-1523)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1523.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4849.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"nagios-3.0.6-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"nagios-www-3.0.6-1.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:17:37", "description": "The following bug has been fixed :\n\n - statusmap.cgi was prone to a cross-site scripting (XSS)\n vulnerability. (CVE-2011-1523)", "edition": 23, "published": "2011-07-26T00:00:00", "title": "SuSE 10 Security Update : nagios (ZYPP Patch Number 7624)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1523"], "modified": "2011-07-26T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NAGIOS-7624.NASL", "href": "https://www.tenable.com/plugins/nessus/55687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55687);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1523\");\n\n script_name(english:\"SuSE 10 Security Update : nagios (ZYPP Patch Number 7624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bug has been fixed :\n\n - statusmap.cgi was prone to a cross-site scripting (XSS)\n vulnerability. (CVE-2011-1523)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1523.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nagios-2.6-13.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nagios-www-2.6-13.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:07", "description": "Move the nagios-common's usermod line to the main nagios package. Add\nphp to the requirements list Update to version 3.3.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2012-02-21T00:00:00", "title": "Fedora 16 : nagios-3.3.1-3.fc16 (2012-1592)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2179"], "modified": "2012-02-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:nagios"], "id": "FEDORA_2012-1592.NASL", "href": "https://www.tenable.com/plugins/nessus/58049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1592.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58049);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2179\");\n script_bugtraq_id(48087);\n script_xref(name:\"FEDORA\", value:\"2012-1592\");\n\n script_name(english:\"Fedora 16 : nagios-3.3.1-3.fc16 (2012-1592)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Move the nagios-common's usermod line to the main nagios package. Add\nphp to the requirements list Update to version 3.3.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=519371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=627527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=690880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=690881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=756839\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073499.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2a6a640\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"nagios-3.3.1-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:07", "description": "Move the nagios-common's usermod line to the main nagios package Add\nphp to the requirements list Update to version 3.3.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2012-02-21T00:00:00", "title": "Fedora 15 : nagios-3.3.1-3.fc15 (2012-1583)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2179"], "modified": "2012-02-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:nagios"], "id": "FEDORA_2012-1583.NASL", "href": "https://www.tenable.com/plugins/nessus/58048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1583.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58048);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2179\");\n script_bugtraq_id(48087);\n script_xref(name:\"FEDORA\", value:\"2012-1583\");\n\n script_name(english:\"Fedora 15 : nagios-3.3.1-3.fc15 (2012-1583)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Move the nagios-common's usermod line to the main nagios package Add\nphp to the requirements list Update to version 3.3.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=519371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=627527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=690880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=690881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=756839\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78c2c30c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"nagios-3.3.1-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T01:18:12", "description": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in\nconfig.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow\nremote attackers to inject arbitrary web script or HTML via the expand\nparameter, as demonstrated by an (a) command action or a (b) hosts\naction.", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : nagios (ALAS-2012-50)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2179"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nagios-common", "p-cpe:/a:amazon:linux:nagios", "p-cpe:/a:amazon:linux:nagios-devel", "p-cpe:/a:amazon:linux:nagios-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-50.NASL", "href": "https://www.tenable.com/plugins/nessus/69657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-50.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69657);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-2179\");\n script_xref(name:\"ALAS\", value:\"2012-50\");\n\n script_name(english:\"Amazon Linux AMI : nagios (ALAS-2012-50)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple cross-site scripting (XSS) vulnerabilities in config.c in\nconfig.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow\nremote attackers to inject arbitrary web script or HTML via the expand\nparameter, as demonstrated by an (a) command action or a (b) hosts\naction.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-50.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nagios' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nagios-3.3.1-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-common-3.3.1-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-debuginfo-3.3.1-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nagios-devel-3.3.1-3.4.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios / nagios-common / nagios-debuginfo / nagios-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1523", "CVE-2011-2179"], "description": "Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. The plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package. ", "modified": "2012-02-21T01:31:11", "published": "2012-02-21T01:31:11", "id": "FEDORA:319DB21462", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: nagios-3.3.1-3.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1523", "CVE-2011-2179", "CVE-2012-6096"], "description": "Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. The plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package. ", "modified": "2013-01-23T01:29:55", "published": "2013-01-23T01:29:55", "id": "FEDORA:B6B1F209F4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: nagios-3.4.4-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2179"], "description": "**Issue Overview:**\n\nMultiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.\n\n \n**Affected Packages:** \n\n\nnagios\n\n \n**Issue Correction:** \nRun _yum update nagios_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n nagios-debuginfo-3.3.1-3.4.amzn1.i686 \n nagios-3.3.1-3.4.amzn1.i686 \n nagios-devel-3.3.1-3.4.amzn1.i686 \n nagios-common-3.3.1-3.4.amzn1.i686 \n \n src: \n nagios-3.3.1-3.4.amzn1.src \n \n x86_64: \n nagios-common-3.3.1-3.4.amzn1.x86_64 \n nagios-devel-3.3.1-3.4.amzn1.x86_64 \n nagios-3.3.1-3.4.amzn1.x86_64 \n nagios-debuginfo-3.3.1-3.4.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-03-04T16:10:00", "published": "2012-03-04T16:10:00", "id": "ALAS-2012-050", "href": "https://alas.aws.amazon.com/ALAS-2012-50.html", "title": "Medium: nagios", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-04T02:05:09", "description": "Nagios 3.2.3 'expand' Parameter Cross Site Scripting Vulnerability. CVE-2011-2179 . Remote exploits for multiple platform", "published": "2011-06-01T00:00:00", "type": "exploitdb", "title": "Nagios 3.2.3 'expand' Parameter Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2179"], "modified": "2011-06-01T00:00:00", "id": "EDB-ID:35818", "href": "https://www.exploit-db.com/exploits/35818/", "sourceData": "source: http://www.securityfocus.com/bid/48087/info\r\n\r\nNagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.\r\n\r\nNagios 3.2.3 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<script>alert(String.fromCharCode(88,83,83))</script>\r\nhttp://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<body onload=alert(666)>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/35818/"}]}
