Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2021-B5E897A2E5.NASLHistoryMar 08, 2021 - 12:00 a.m.
Fedora 32 : nagios (2021-b5e897a2e5)
2021-03-0800:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.2 High
AI Score
Confidence
High
The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-b5e897a2e5 advisory.
- Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. (CVE-2020-13977)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2021-b5e897a2e5
#
include('compat.inc');
if (description)
{
script_id(147185);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/12");
script_cve_id("CVE-2020-13977");
script_xref(name:"FEDORA", value:"2021-b5e897a2e5");
script_name(english:"Fedora 32 : nagios (2021-b5e897a2e5)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2021-b5e897a2e5 advisory.
- Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs
configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the
archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly
associated with CVE-2020-1408. (CVE-2020-13977)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2021-b5e897a2e5");
script_set_attribute(attribute:"solution", value:
"Update the affected nagios package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13977");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/02/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nagios");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
pkgs = [
{'reference':'nagios-4.4.6-3.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nagios');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 32 | cpe:/o:fedoraproject:fedora:32 |
| fedoraproject | fedora | nagios | p-cpe:/a:fedoraproject:fedora:nagios |
Related
osv
osv
CVE-2020-13977
2020-06-09 14:15:10
ubuntucve
ubuntucve
CVE-2020-13977
2020-06-09 00:00:00
nessus
nessus
Fedora 33 : nagios (2021-5689072a7e)
2021-03-08 00:00:00
openSUSE Security Update : nagios (openSUSE-2021-715)
2021-05-18 00:00:00
KB4565529: Windows Server 2008 July 2020 Security Update
2020-07-14 00:00:00
cve
cve
CVE-2020-13977
2020-06-09 14:15:00
CVE-2020-1408
2020-07-14 23:15:00
prion
prion
Code injection
2020-06-09 14:15:00
Remote code execution
2020-07-14 23:15:00
debiancve
debiancve
CVE-2020-13977
2020-06-09 14:15:00
cvelist
cvelist
CVE-2020-13977
2020-06-09 13:06:56
CVE-2020-1408
2020-07-14 22:54:30
openvas
openvas
Nagios Core < 4.4.6 Multiple Vulnerabilities
2020-06-15 00:00:00
Fedora: Security Advisory for nagios (FEDORA-2021-5689072a7e)
2021-03-08 00:00:00
Fedora: Security Advisory for nagios (FEDORA-2021-01a2f76cc3)
2021-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nagios-4.4.6-3.fc33
2021-03-07 13:53:22
[SECURITY] Fedora 32 Update: nagios-4.4.6-3.fc32
2021-03-07 13:53:11
[SECURITY] Fedora 34 Update: nagios-4.4.6-4.fc34
2021-03-19 20:25:28
mageia
mageia
Updated nagios packages fix a security vulnerability
2021-05-12 12:56:40
mscve
mscve
Microsoft Graphics Remote Code Execution Vulnerability
2020-07-14 07:00:00
suse
suse
Security update for nagios (important)
2021-05-16 00:00:00
Security update for nagios (important)
2021-05-12 00:00:00
mskb
mskb
July 14, 2020—KB4565529 (Security-only update)
2020-07-14 07:00:00
July 14, 2020—KB4565536 (Monthly Rollup)
2020-07-14 07:00:00
July 14, 2020—KB4565539 (Security-only update)
2020-07-14 07:00:00
kaspersky
kaspersky
KLA11863 Multiple vulnerabilities in Microsoft Products (ESU)
2020-07-14 00:00:00
KLA11865 Multiple vulnerabilities in Microsoft Windows
2020-07-14 00:00:00
avleonov
avleonov