Mandriva Linux Security Advisory : nagios (MDVSA-2014:004)
2014-01-19T00:00:00
ID MANDRIVA_MDVSA-2014-004.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-01-19T00:00:00
Description
Multiple vulnerabilities has been discovered and corrected in nagios :
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,
and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2
allow remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list to the process_cgivars
function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)
histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)
statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers
a heap-based buffer over-read (CVE-2013-7108).
Off-by-one error in the process_cgivars function in
contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows
remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list, which triggers a
heap-based buffer over-read (CVE-2013-7205).
The updated packages have been patched to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:004.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72019);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2013-7108", "CVE-2013-7205");
script_bugtraq_id(64363, 64489);
script_xref(name:"MDVSA", value:"2014:004");
script_name(english:"Mandriva Linux Security Advisory : nagios (MDVSA-2014:004)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been discovered and corrected in nagios :
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,
and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2
allow remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list to the process_cgivars
function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)
histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)
statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers
a heap-based buffer over-read (CVE-2013-7108).
Off-by-one error in the process_cgivars function in
contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows
remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list, which triggers a
heap-based buffer over-read (CVE-2013-7205).
The updated packages have been patched to correct these issues."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected nagios, nagios-devel and / or nagios-www packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nagios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nagios-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nagios-www");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nagios-3.4.4-4.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nagios-devel-3.4.4-4.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nagios-www-3.4.4-4.1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRIVA_MDVSA-2014-004.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : nagios (MDVSA-2014:004)", "description": "Multiple vulnerabilities has been discovered and corrected in nagios :\n\nMultiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read (CVE-2013-7108).\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read (CVE-2013-7205).\n\nThe updated packages have been patched to correct these issues.", "published": "2014-01-19T00:00:00", "modified": "2014-01-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/72019", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": [], "cvelist": ["CVE-2013-7205", "CVE-2013-7108"], "type": "nessus", "lastseen": "2021-01-07T11:54:27", "edition": 25, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-7108", "CVE-2013-7205"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13733", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630"]}, {"type": "freebsd", "idList": ["BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-60.NASL", "OPENSUSE-2014-13.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-42.NASL", "OPENSUSE-2014-58.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "SUSE_11_NAGIOS-140108.NASL", "UBUNTU_USN-3253-1.NASL", "GENTOO_GLSA-201412-23.NASL", "DEBIAN_DLA-1615.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956", "OPENVAS:1361412562310843202"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-60-1:5B1EB"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}], "modified": "2021-01-07T11:54:27", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-01-07T11:54:27", "rev": 2}, "vulnersScore": 5.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:004. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72019);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\");\n script_bugtraq_id(64363, 64489);\n script_xref(name:\"MDVSA\", value:\"2014:004\");\n\n script_name(english:\"Mandriva Linux Security Advisory : nagios (MDVSA-2014:004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in nagios :\n\nMultiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\nand Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\nallow remote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list to the process_cgivars\nfunction in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)\nhistogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)\nstatusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers\na heap-based buffer over-read (CVE-2013-7108).\n\nOff-by-one error in the process_cgivars function in\ncontrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows\nremote authenticated users to obtain sensitive information from\nprocess memory or cause a denial of service (crash) via a long string\nin the last key value in the variable list, which triggers a\nheap-based buffer over-read (CVE-2013-7205).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios, nagios-devel and / or nagios-www packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nagios-3.4.4-4.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nagios-devel-3.4.4-4.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nagios-www-3.4.4-4.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "72019", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:nagios", "p-cpe:/a:mandriva:linux:nagios-devel", "p-cpe:/a:mandriva:linux:nagios-www"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:52:49", "description": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.", "edition": 5, "cvss3": {}, "published": "2014-01-15T16:08:00", "title": "CVE-2013-7108", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7108"], "modified": "2018-12-25T11:29:00", "cpe": ["cpe:/a:icinga:icinga:1.6.0", "cpe:/a:icinga:icinga:1.0.3", "cpe:/a:icinga:icinga:1.8.3", "cpe:/a:icinga:icinga:0.8.3", "cpe:/a:nagios:nagios:3.1.0", "cpe:/a:icinga:icinga:1.7.4", "cpe:/a:icinga:icinga:1.6.1", "cpe:/a:icinga:icinga:1.0.1", "cpe:/a:nagios:nagios:3.0.4", "cpe:/a:icinga:icinga:0.8.2", "cpe:/a:nagios:nagios:3.4.2", "cpe:/a:nagios:nagios:3.4.1", "cpe:/a:icinga:icinga:1.9.2", "cpe:/a:icinga:icinga:1.9.1", "cpe:/a:icinga:icinga:1.7.3", "cpe:/a:icinga:icinga:1.8.4", "cpe:/a:nagios:nagios:3.1.1", "cpe:/a:nagios:nagios:3.0.3", "cpe:/a:nagios:nagios:3.0.6", "cpe:/a:nagios:nagios:3.2.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.8.2", "cpe:/a:icinga:icinga:1.3.0", "cpe:/a:nagios:nagios:3.0", "cpe:/a:nagios:nagios:3.5.1", "cpe:/a:icinga:icinga:1.2.0", "cpe:/a:nagios:nagios:3.2.0", "cpe:/a:icinga:icinga:1.8.0", "cpe:/a:icinga:icinga:0.8.1", "cpe:/a:nagios:nagios:3.0.5", "cpe:/a:icinga:icinga:0.8.4", "cpe:/a:icinga:icinga:1.4.1", "cpe:/a:icinga:icinga:1.7.1", "cpe:/a:icinga:icinga:1.7.0", "cpe:/a:nagios:nagios:4.0.2", "cpe:/a:nagios:nagios:3.3.1", "cpe:/a:nagios:nagios:3.0.2", "cpe:/a:icinga:icinga:1.0.2", "cpe:/a:icinga:icinga:1.8.1", "cpe:/a:icinga:icinga:1.3.1", "cpe:/a:icinga:icinga:0.8.0", "cpe:/a:nagios:nagios:3.0.1", "cpe:/a:nagios:nagios:3.1.2", "cpe:/a:icinga:icinga:1.9.0", "cpe:/a:icinga:icinga:1.10.1", "cpe:/a:nagios:nagios:3.4.3", "cpe:/a:nagios:nagios:3.2.2", "cpe:/a:nagios:nagios:3.4.0", "cpe:/a:icinga:icinga:1.9.3", "cpe:/a:nagios:nagios:3.2.3", "cpe:/a:icinga:icinga:1.4.0", "cpe:/a:icinga:icinga:1.7.2", "cpe:/a:icinga:icinga:1.6.2", "cpe:/a:icinga:icinga:1.2.1", "cpe:/a:icinga:icinga:1.0"], "id": "CVE-2013-7108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7108", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:49", "description": "Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.", "edition": 5, "cvss3": {}, "published": "2014-01-15T16:08:00", "title": "CVE-2013-7205", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7205"], "modified": "2018-12-25T11:29:00", "cpe": ["cpe:/a:nagios:nagios:3.1.0", "cpe:/a:nagios:nagios:3.0.4", "cpe:/a:nagios:nagios:3.4.2", "cpe:/a:nagios:nagios:3.4.1", "cpe:/a:nagios:nagios:3.1.1", "cpe:/a:nagios:nagios:3.0.3", "cpe:/a:nagios:nagios:3.0.6", "cpe:/a:nagios:nagios:3.2.1", "cpe:/a:nagios:nagios:3.0", "cpe:/a:nagios:nagios:3.5.1", "cpe:/a:nagios:nagios:3.2.0", "cpe:/a:nagios:nagios:3.0.5", "cpe:/a:nagios:nagios:4.0.2", "cpe:/a:nagios:nagios:3.3.1", "cpe:/a:nagios:nagios:3.0.2", "cpe:/a:nagios:nagios:3.0.1", "cpe:/a:nagios:nagios:3.1.2", "cpe:/a:nagios:nagios:3.4.3", "cpe:/a:nagios:nagios:3.2.2", "cpe:/a:nagios:nagios:3.4.0", "cpe:/a:nagios:nagios:3.2.3"], "id": "CVE-2013-7205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7205", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:33:31", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7205", "CVE-2013-7108"], "description": "\nEric Stanley reports:\n\nMost CGIs previously incremented the input variable counter twice\n\t when it encountered a long key value. This could cause the CGI to\n\t read past the end of the list of CGI variables.\n\n", "edition": 4, "modified": "2013-12-20T00:00:00", "published": "2013-12-20T00:00:00", "id": "BA04A373-7D20-11E3-8992-00132034B086", "href": "https://vuxml.freebsd.org/freebsd/ba04a373-7d20-11e3-8992-00132034b086.html", "title": "nagios -- denial of service vulnerability", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:49:25", "description": "Eric Stanley reports :\n\nMost CGIs previously incremented the input variable counter twice when\nit encountered a long key value. This could cause the CGI to read past\nthe end of the list of CGI variables.", "edition": 22, "published": "2014-01-15T00:00:00", "title": "FreeBSD : nagios -- denial of service vulnerability (ba04a373-7d20-11e3-8992-00132034b086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7205", "CVE-2013-7108"], "modified": "2014-01-15T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nagios"], "id": "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "href": "https://www.tenable.com/plugins/nessus/71961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71961);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\");\n\n script_name(english:\"FreeBSD : nagios -- denial of service vulnerability (ba04a373-7d20-11e3-8992-00132034b086)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric Stanley reports :\n\nMost CGIs previously incremented the input variable counter twice when\nit encountered a long key value. This could cause the CGI to read past\nthe end of the list of CGI variables.\"\n );\n # http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f8c1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1046113\"\n );\n # https://vuxml.freebsd.org/freebsd/ba04a373-7d20-11e3-8992-00132034b086.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d33d4ff0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nagios<3.5.1_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T10:56:40", "description": "The remote host is affected by the vulnerability described in GLSA-201412-23\n(Nagios: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Nagios. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code, cause a Denial\n of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-23 : Nagios: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7205", "CVE-2012-6096", "CVE-2013-7108"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:nagios-core"], "id": "GENTOO_GLSA-201412-23.NASL", "href": "https://www.tenable.com/plugins/nessus/79976", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-23.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79976);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-6096\", \"CVE-2013-7108\", \"CVE-2013-7205\");\n script_bugtraq_id(56879, 64363, 64489);\n script_xref(name:\"GLSA\", value:\"201412-23\");\n\n script_name(english:\"GLSA-201412-23 : Nagios: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-23\n(Nagios: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Nagios. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code, cause a Denial\n of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Nagios users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/nagios-core-3.5.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Nagios3 history.cgi Host Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nagios-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/nagios-core\", unaffected:make_list(\"ge 3.5.1\"), vulnerable:make_list(\"lt 3.5.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Nagios\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:44:52", "description": "USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log\nfiles from being displayed in the web interface. This update fixes the\nproblem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Nagios incorrectly handled certain long\nstrings. A remote authenticated attacker could use this issue to cause\nNagios to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain\nlong messages to cmd.cgi. A remote attacker could possibly\nuse this issue to cause Nagios to crash, resulting in a\ndenial of service. (CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled\nsymlinks when accessing log files. A local attacker could\npossibly use this issue to elevate privileges. In the\ndefault installation of Ubuntu, this should be prevented by\nthe Yama link restrictions. (CVE-2016-9566).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-08T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : nagios3 regression (USN-3253-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:nagios3-core", "p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3253-2.NASL", "href": "https://www.tenable.com/plugins/nessus/100677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3253-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100677);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\");\n script_xref(name:\"USN\", value:\"3253-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : nagios3 regression (USN-3253-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log\nfiles from being displayed in the web interface. This update fixes the\nproblem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Nagios incorrectly handled certain long\nstrings. A remote authenticated attacker could use this issue to cause\nNagios to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain\nlong messages to cmd.cgi. A remote attacker could possibly\nuse this issue to cause Nagios to crash, resulting in a\ndenial of service. (CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled\nsymlinks when accessing log files. A local attacker could\npossibly use this issue to elevate privileges. In the\ndefault installation of Ubuntu, this should be prevented by\nthe Yama link restrictions. (CVE-2016-9566).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3253-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios3-cgi and / or nagios3-core packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nagios3-core\", pkgver:\"3.5.1-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1.dfsg-2.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nagios3-core\", pkgver:\"3.5.1.dfsg-2.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1.dfsg-2.1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"nagios3-core\", pkgver:\"3.5.1.dfsg-2.1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1.dfsg-2.1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"nagios3-core\", pkgver:\"3.5.1.dfsg-2.1ubuntu5.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios3-cgi / nagios3-core\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:44:52", "description": "It was discovered that Nagios incorrectly handled certain long\nstrings. A remote authenticated attacker could use this issue to cause\nNagios to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain long\nmessages to cmd.cgi. A remote attacker could possibly use this issue\nto cause Nagios to crash, resulting in a denial of service.\n(CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled symlinks\nwhen accessing log files. A local attacker could possibly use this\nissue to elevate privileges. In the default installation of Ubuntu,\nthis should be prevented by the Yama link restrictions.\n(CVE-2016-9566).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-04T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : nagios3 vulnerabilities (USN-3253-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:nagios3-core", "p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3253-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3253-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99182);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\");\n script_xref(name:\"USN\", value:\"3253-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : nagios3 vulnerabilities (USN-3253-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Nagios incorrectly handled certain long\nstrings. A remote authenticated attacker could use this issue to cause\nNagios to crash, resulting in a denial of service, or possibly obtain\nsensitive information. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain long\nmessages to cmd.cgi. A remote attacker could possibly use this issue\nto cause Nagios to crash, resulting in a denial of service.\n(CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled symlinks\nwhen accessing log files. A local attacker could possibly use this\nissue to elevate privileges. In the default installation of Ubuntu,\nthis should be prevented by the Yama link restrictions.\n(CVE-2016-9566).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3253-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios3-cgi and / or nagios3-core packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nagios3-core\", pkgver:\"3.5.1-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1.dfsg-2.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nagios3-core\", pkgver:\"3.5.1.dfsg-2.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"nagios3-cgi\", pkgver:\"3.5.1.dfsg-2.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"nagios3-core\", pkgver:\"3.5.1.dfsg-2.1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios3-cgi / nagios3-core\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:40:12", "description": "Several issues were corrected in nagios3, a monitoring and management\nsystem for hosts, services and networks.\n\nCVE-2018-18245\n\nMaximilian Boehner of usd AG found a cross-site scripting (XSS)\nvulnerability in Nagios Core. This vulnerability allows attackers to\nplace malicious JavaScript code into the web frontend through\nmanipulation of plugin output. In order to do this the attacker needs\nto be able to manipulate the output returned by nagios checks, e.g. by\nreplacing a plugin on one of the monitored endpoints. Execution of the\npayload then requires that an authenticated user creates an alert\nsummary report which contains the corresponding output.\n\nCVE-2016-9566\n\nIt was discovered that local users with access to an account in the\nnagios group are able to gain root privileges via a symlink attack on\nthe debug log file.\n\nCVE-2014-1878\n\nAn issue was corrected that allowed remote attackers to cause a\nstack-based buffer overflow and subsequently a denial of service\n(segmentation fault) via a long message to cmd.cgi.\n\nCVE-2013-7205 | CVE-2013-7108\n\nA flaw was corrected in Nagios that could be exploited to cause a\ndenial of service. This vulnerability is induced due to an off-by-one\nerror within the process_cgivars() function, which can be exploited to\ncause an out-of-bounds read by sending a specially crafted key value\nto the Nagios web UI.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.5.1.dfsg-2+deb8u1.\n\nWe recommend that you upgrade your nagios3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-27T00:00:00", "title": "Debian DLA-1615-1 : nagios3 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2018-18245", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "modified": "2018-12-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:nagios3-common", "p-cpe:/a:debian:debian_linux:nagios3-core", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:nagios3", "p-cpe:/a:debian:debian_linux:nagios3-dbg", "p-cpe:/a:debian:debian_linux:nagios3-doc", "p-cpe:/a:debian:debian_linux:nagios3-cgi"], "id": "DEBIAN_DLA-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/119875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1615-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119875);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\", \"CVE-2018-18245\");\n script_bugtraq_id(64363, 64489, 65605);\n\n script_name(english:\"Debian DLA-1615-1 : nagios3 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues were corrected in nagios3, a monitoring and management\nsystem for hosts, services and networks.\n\nCVE-2018-18245\n\nMaximilian Boehner of usd AG found a cross-site scripting (XSS)\nvulnerability in Nagios Core. This vulnerability allows attackers to\nplace malicious JavaScript code into the web frontend through\nmanipulation of plugin output. In order to do this the attacker needs\nto be able to manipulate the output returned by nagios checks, e.g. by\nreplacing a plugin on one of the monitored endpoints. Execution of the\npayload then requires that an authenticated user creates an alert\nsummary report which contains the corresponding output.\n\nCVE-2016-9566\n\nIt was discovered that local users with access to an account in the\nnagios group are able to gain root privileges via a symlink attack on\nthe debug log file.\n\nCVE-2014-1878\n\nAn issue was corrected that allowed remote attackers to cause a\nstack-based buffer overflow and subsequently a denial of service\n(segmentation fault) via a long message to cmd.cgi.\n\nCVE-2013-7205 | CVE-2013-7108\n\nA flaw was corrected in Nagios that could be exploited to cause a\ndenial of service. This vulnerability is induced due to an off-by-one\nerror within the process_cgivars() function, which can be exploited to\ncause an out-of-bounds read by sending a specially crafted key value\nto the Nagios web UI.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.5.1.dfsg-2+deb8u1.\n\nWe recommend that you upgrade your nagios3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/nagios3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios3-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"nagios3\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nagios3-cgi\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nagios3-common\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nagios3-core\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nagios3-dbg\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nagios3-doc\", reference:\"3.5.1.dfsg-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:15", "description": "nagios was updated to fix a possible denial of service in CGI\nexecutables.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : nagios (openSUSE-SU-2014:0016-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7108"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:nagios-www-debuginfo", "p-cpe:/a:novell:opensuse:nagios-debugsource", "p-cpe:/a:novell:opensuse:nagios-www", "p-cpe:/a:novell:opensuse:nagios", "p-cpe:/a:novell:opensuse:nagios-debuginfo", "p-cpe:/a:novell:opensuse:nagios-www-dch", "p-cpe:/a:novell:opensuse:nagios-devel", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2014-13.NASL", "href": "https://www.tenable.com/plugins/nessus/75260", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-13.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75260);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-7108\");\n script_bugtraq_id(64363);\n\n script_name(english:\"openSUSE Security Update : nagios (openSUSE-SU-2014:0016-1)\");\n script_summary(english:\"Check for the openSUSE-2014-13 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"nagios was updated to fix a possible denial of service in CGI\nexecutables.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-www-dch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-debuginfo-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-debugsource-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-devel-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-www-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-www-dch-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"nagios-www-debuginfo-3.5.0-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-debuginfo-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-debugsource-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-devel-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-www-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-www-dch-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-www-debuginfo-3.5.0-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-3.5.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-debugsource-3.5.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-devel-3.5.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-www-3.5.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-www-dch-3.5.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"nagios-www-debuginfo-3.5.1-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-06-05T11:12:20", "description": " - imported upstream version 1.10.2\n\n - includes fix for possible denial of service in CGI\n executables: CVE-2013-7108 (bnc#856837)\n\n - core: Add an Icinga syntax plugin for Vim #4150 - LE/MF\n\n - core: Document dropped options\n log_external_commands_user and event_profiling_enabled\n #4957 - BA\n\n - core: type in spec file on ido2db startup #5000 - MF\n\n - core: Build fails: xdata/xodtemplate.c requires stdint.h\n #5021 - SH\n\n - classic ui: fix status output in JSON format not\n including short and long plugin output properly #5217 -\n RB\n\n - classic ui: fix possible buffer overflows #5250 - RB\n\n - classic ui: fix Off-by-one memory access in\n process_cgivars() #5251 - RB\n\n - idoutils: idoutils oracle compile error #5059 - TD\n\n - idoutils: Oracle update script 1.10.0 failes while\n trying to drop nonexisting index #5256 - RB\n\n - imported upstream version 1.10.1\n\n - core: add line number information to config verification\n error messages #4967 - GB\n\n - core/idoutils: revert check_source attribute due to\n mod_gearman manipulating in-memory checkresult list\n #4958 - MF\n\n ** classic ui/idoutils schema: functionality is kept\n only for Icinga 2 support\n\n - classic ui: fix context help on mouseover in cmd.cgi\n (Marc-Christian Petersen) #4971 - MF\n\n - classic ui: correction of colspan value in status.cgi\n (Bernd Arnold) #4961 - MF\n\n - idoutils: fix pgsql update script #4953 - AW/MF\n\n - idoutils: fix logentry_type being integer, not unsigned\n long (thx David Mikulksi) #4953 - MF\n\n - fixed file permission of icingastats - bnc#851619 \n\n - switch to all unhandled problems per default in\n index.html", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0097-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7108"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:nagios-rpm-macros", "p-cpe:/a:novell:opensuse:icinga-idoutils", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "id": "OPENSUSE-2014-58.NASL", "href": "https://www.tenable.com/plugins/nessus/75394", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-58.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75394);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-7108\");\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0097-1)\");\n script_summary(english:\"Check for the openSUSE-2014-58 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - imported upstream version 1.10.2\n\n - includes fix for possible denial of service in CGI\n executables: CVE-2013-7108 (bnc#856837)\n\n - core: Add an Icinga syntax plugin for Vim #4150 - LE/MF\n\n - core: Document dropped options\n log_external_commands_user and event_profiling_enabled\n #4957 - BA\n\n - core: type in spec file on ido2db startup #5000 - MF\n\n - core: Build fails: xdata/xodtemplate.c requires stdint.h\n #5021 - SH\n\n - classic ui: fix status output in JSON format not\n including short and long plugin output properly #5217 -\n RB\n\n - classic ui: fix possible buffer overflows #5250 - RB\n\n - classic ui: fix Off-by-one memory access in\n process_cgivars() #5251 - RB\n\n - idoutils: idoutils oracle compile error #5059 - TD\n\n - idoutils: Oracle update script 1.10.0 failes while\n trying to drop nonexisting index #5256 - RB\n\n - imported upstream version 1.10.1\n\n - core: add line number information to config verification\n error messages #4967 - GB\n\n - core/idoutils: revert check_source attribute due to\n mod_gearman manipulating in-memory checkresult list\n #4958 - MF\n\n ** classic ui/idoutils schema: functionality is kept\n only for Icinga 2 support\n\n - classic ui: fix context help on mouseover in cmd.cgi\n (Marc-Christian Petersen) #4971 - MF\n\n - classic ui: correction of colspan value in status.cgi\n (Bernd Arnold) #4961 - MF\n\n - idoutils: fix pgsql update script #4953 - AW/MF\n\n - idoutils: fix logentry_type being integer, not unsigned\n long (thx David Mikulksi) #4953 - MF\n\n - fixed file permission of icingastats - bnc#851619 \n\n - switch to all unhandled problems per default in\n index.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=834828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"nagios-rpm-macros-0.08-2.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga / icinga-debuginfo / icinga-debugsource / icinga-devel / etc\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-06-05T12:29:17", "description": "This update fixes a DoS vulnerability in process_cgivars() of the\nnagios package. CVE-2013-7108 has been assigned to this issue.", "edition": 16, "published": "2014-01-29T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : nagios (SAT Patch Numbers 8726 / 8727)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7108"], "modified": "2014-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:nagios", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:nagios-www"], "id": "SUSE_11_NAGIOS-140108.NASL", "href": "https://www.tenable.com/plugins/nessus/72199", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72199);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-7108\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : nagios (SAT Patch Numbers 8726 / 8727)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a DoS vulnerability in process_cgivars() of the\nnagios package. CVE-2013-7108 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7108.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8726 / 8727 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nagios-www\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"nagios-3.0.6-1.25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"nagios-www-3.0.6-1.25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nagios-3.0.6-1.25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"nagios-www-3.0.6-1.25.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-06-05T11:12:17", "description": " - imported upstream version 1.10.2\n\n - includes fix for possible denial of service in CGI\n executables: CVE-2013-7108 (bnc#856837)\n\n - core: Add an Icinga syntax plugin for Vim #4150 - LE/MF\n\n - core: Document dropped options\n log_external_commands_user and event_profiling_enabled\n #4957 - BA\n\n - core: type in spec file on ido2db startup #5000 - MF\n\n - core: Build fails: xdata/xodtemplate.c requires stdint.h\n #5021 - SH\n\n - classic ui: fix status output in JSON format not\n including short and long plugin output properly #5217 -\n RB\n\n - classic ui: fix possible buffer overflows #5250 - RB\n\n - classic ui: fix Off-by-one memory access in\n process_cgivars() #5251 - RB\n\n - idoutils: idoutils oracle compile error #5059 - TD\n\n - idoutils: Oracle update script 1.10.0 failes while\n trying to drop nonexisting index #5256 - RB\n\n - imported upstream version 1.10.1\n\n - core: add line number information to config verification\n error messages #4967 - GB\n\n - core/idoutils: revert check_source attribute due to\n mod_gearman manipulating in-memory checkresult list\n #4958 - MF\n\n ** classic ui/idoutils schema: functionality is kept\n only for Icinga 2 support\n\n - classic ui: fix context help on mouseover in cmd.cgi\n (Marc-Christian Petersen) #4971 - MF\n\n - classic ui: correction of colspan value in status.cgi\n (Bernd Arnold) #4961 - MF\n\n - idoutils: fix pgsql update script #4953 - AW/MF\n\n - idoutils: fix logentry_type being integer, not unsigned\n long (thx David Mikulksi) #4953 - MF\n\n - fixed file permission of icingastats - bnc#851619 \n\n - switch to all unhandled problems per default in\n index.html", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7108"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "id": "OPENSUSE-2014-42.NASL", "href": "https://www.tenable.com/plugins/nessus/75388", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-42.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75388);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-7108\");\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)\");\n script_summary(english:\"Check for the openSUSE-2014-42 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - imported upstream version 1.10.2\n\n - includes fix for possible denial of service in CGI\n executables: CVE-2013-7108 (bnc#856837)\n\n - core: Add an Icinga syntax plugin for Vim #4150 - LE/MF\n\n - core: Document dropped options\n log_external_commands_user and event_profiling_enabled\n #4957 - BA\n\n - core: type in spec file on ido2db startup #5000 - MF\n\n - core: Build fails: xdata/xodtemplate.c requires stdint.h\n #5021 - SH\n\n - classic ui: fix status output in JSON format not\n including short and long plugin output properly #5217 -\n RB\n\n - classic ui: fix possible buffer overflows #5250 - RB\n\n - classic ui: fix Off-by-one memory access in\n process_cgivars() #5251 - RB\n\n - idoutils: idoutils oracle compile error #5059 - TD\n\n - idoutils: Oracle update script 1.10.0 failes while\n trying to drop nonexisting index #5256 - RB\n\n - imported upstream version 1.10.1\n\n - core: add line number information to config verification\n error messages #4967 - GB\n\n - core/idoutils: revert check_source attribute due to\n mod_gearman manipulating in-memory checkresult list\n #4958 - MF\n\n ** classic ui/idoutils schema: functionality is kept\n only for Icinga 2 support\n\n - classic ui: fix context help on mouseover in cmd.cgi\n (Marc-Christian Petersen) #4971 - MF\n\n - classic ui: correction of colspan value in status.cgi\n (Bernd Arnold) #4961 - MF\n\n - idoutils: fix pgsql update script #4953 - AW/MF\n\n - idoutils: fix logentry_type being integer, not unsigned\n long (thx David Mikulksi) #4953 - MF\n\n - fixed file permission of icingastats - bnc#851619 \n\n - switch to all unhandled problems per default in\n index.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga / icinga-debuginfo / icinga-debugsource / icinga-devel / etc\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T09:43:57", "description": "Two fixes for the Classic UI :\n\n - fix off-by-one memory access in process_cgivars()\n (CVE-2013-7108)\n\n - prevent possible buffer overflows in cmd.cgi\n (CVE-2014-1878)\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Debian DLA-60-1 : icinga security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1878", "CVE-2013-7108"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:icinga-dbg", "p-cpe:/a:debian:debian_linux:icinga-doc", "p-cpe:/a:debian:debian_linux:icinga-phpapi", "p-cpe:/a:debian:debian_linux:icinga-idoutils", "p-cpe:/a:debian:debian_linux:icinga-core", "p-cpe:/a:debian:debian_linux:icinga-cgi", "p-cpe:/a:debian:debian_linux:icinga", "p-cpe:/a:debian:debian_linux:icinga-common"], "id": "DEBIAN_DLA-60.NASL", "href": "https://www.tenable.com/plugins/nessus/82205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-60-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82205);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7108\", \"CVE-2014-1878\");\n script_bugtraq_id(64363, 65605);\n\n script_name(english:\"Debian DLA-60-1 : icinga security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two fixes for the Classic UI :\n\n - fix off-by-one memory access in process_cgivars()\n (CVE-2013-7108)\n\n - prevent possible buffer overflows in cmd.cgi\n (CVE-2014-1878)\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/icinga\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga-phpapi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icinga\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-cgi\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-common\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-core\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-dbg\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-doc\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-idoutils\", reference:\"1.0.2-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"icinga-phpapi\", reference:\"1.0.2-2+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-7205", "CVE-2013-7108"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:004\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : nagios\r\n Date : January 16, 2014\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in nagios:\r\n \r\n Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,\r\n and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2\r\n allow remote authenticated users to obtain sensitive information from\r\n process memory or cause a denial of service (crash) via a long string\r\n in the last key value in the variable list to the process_cgivars\r\n function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c,\r\n (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c,\r\n (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which\r\n triggers a heap-based buffer over-read (CVE-2013-7108).\r\n \r\n Off-by-one error in the process_cgivars function in contrib/daemonchk.c\r\n in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated\r\n users to obtain sensitive information from process memory or cause\r\n a denial of service (crash) via a long string in the last key value\r\n in the variable list, which triggers a heap-based buffer over-read\r\n (CVE-2013-7205).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7205\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n b0f9766b9c800cabc2d48c3cd6a0d754 mes5/i586/nagios-3.1.2-0.5mdvmes5.2.i586.rpm\r\n 250e0e806816abe05be0d6492800d15c mes5/i586/nagios-devel-3.1.2-0.5mdvmes5.2.i586.rpm\r\n 4e38af03680cdaf6943a3cda473147e7 mes5/i586/nagios-theme-default-3.1.2-0.5mdvmes5.2.i586.rpm\r\n 1b34d425d31cd67ce1e119dbbe1d2a34 mes5/i586/nagios-www-3.1.2-0.5mdvmes5.2.i586.rpm \r\n 54aa5cd353453a0400674ab7d92b3154 mes5/SRPMS/nagios-3.1.2-0.5mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n b748f8bd42b90b12d57370aabfef21b9 mes5/x86_64/nagios-3.1.2-0.5mdvmes5.2.x86_64.rpm\r\n 346d9552cc42bd664e99006bcfd15730 mes5/x86_64/nagios-devel-3.1.2-0.5mdvmes5.2.x86_64.rpm\r\n 4cb14dea2cf09787d2d187969cc00590 mes5/x86_64/nagios-theme-default-3.1.2-0.5mdvmes5.2.x86_64.rpm\r\n d66f5f485845c0039d8083d0af38379f mes5/x86_64/nagios-www-3.1.2-0.5mdvmes5.2.x86_64.rpm \r\n 54aa5cd353453a0400674ab7d92b3154 mes5/SRPMS/nagios-3.1.2-0.5mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 25b21259455d7fd14f58191c136490d5 mbs1/x86_64/nagios-3.4.4-4.1.mbs1.x86_64.rpm\r\n 368959c2c78bd6bf48ed10d84e440d0c mbs1/x86_64/nagios-devel-3.4.4-4.1.mbs1.x86_64.rpm\r\n cfd069de34d3de15f7b80bb5ffb07d8c mbs1/x86_64/nagios-www-3.4.4-4.1.mbs1.x86_64.rpm \r\n 4db6f650ab30c32be4a7ab574d0c8225 mbs1/SRPMS/nagios-3.4.4-4.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD4DBQFS19vmmqjQ0CJFipgRAlFYAJ9xfMNIFUkECvfs5uTpy97yRE31VwCXcVjC\r\n8WDQGFeiI1jbLTbleK4TBg==\r\n=DSkb\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-01-19T00:00:00", "published": "2014-01-19T00:00:00", "id": "SECURITYVULNS:DOC:30248", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30248", "title": "[ MDVSA-2014:004 ] nagios", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-7108"], "description": "\r\n\r\nDeutsche Telekom CERT Advisory [DTC-A-20140324-004]\r\n\r\nSummary:\r\nAn Off-by-one memory access was found in the web gui of nagios.\r\n\r\nA patch was applied to the core master branch of nagios (http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/).\r\nThis resolution is announced to be rolled into the 4.0.3 version of Nagios Core once testing has been completed.\r\n\r\nThere has been no feedback regarding the Version 3.5 branch of nagios, but the current sources seem to indicate that the issue was patched in version 3.5 as well. The issue should be fixed in the next release.\r\n\r\nHomepage: http://www.nagios.org/\r\n\r\nRecommendations:\r\nBug fixes in the source code available. Install updated packages as soon these packages are available. \r\n\r\nDetails:\r\na) application\r\nb) problem\r\nc) CVSS\r\nd) detailed description\r\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\r\na1) Nagios 3.5.0 [CVE-2013-7108]\r\nb1) Off-by-one memory access\r\nc1) 4.9 AV:N/AC:M/Au:S/C:P/I:N/A:P\r\nd1) The icinga and nagios web gui are susceptible to an "off-by-one read" error, which is resulting from an improper assumption in the handling of user submitted CGI parameters. To prevent buffer overflow attacks against the web gui, icinga/nagios checks for valid string length of user submitted parameters. Any parameter, which is bigger than MAX_INPUT_BUFFER-1 characters long will be discarded. However, by sending a specially crafted cgi parameter, the check routine can be forced to skip the terminating null pointer and read the heap address right after the end of the parameter list. Depending on the memory layout, this may result in a memory corruption condition/crash or reading of sensitive memory locations.\r\n\r\nDeutsche Telekom CERT\r\nLandgrabenweg 151, 53227 Bonn, Germany\r\n+49 800 DTAG CERT (Tel.)\r\nE-Mail: cert@telekom.de\r\nLife is for sharing.\r\n \r\nDeutsche Telekom AG\r\nSupervisory Board: Prof. Dr. Ulrich Lehner (Chairman)\r\nBoard of Management: Timotheus Hottges (Chairman),\r\nDr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,\r\nThomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick\r\nCommercial register: Amtsgericht Bonn HRB 6794\r\nRegistered office: Bonn\r\n \r\nBig changes start small \u2013 conserve resources by not printing every e-mail.\r\n\r\n", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30630", "title": "Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability", "type": "securityvulns", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-7106", "CVE-2013-7108"], "description": "\r\n\r\nDeutsche Telekom CERT Advisory [DTC-A-20140324-003]\r\n\r\nSummary:\r\nTwo vulnerabilities were found in icinga version 1.9.1. \r\n\r\nThese vulnerabilities are:\r\n1) several buffer overflows\r\n2) Off-by-one memory access\r\n\r\nRecommendations:\r\nUpdates available and need to be installed:\r\n- Icinga 1.10.2 Bug Fix Release\r\n- Icinga 1.9.4 \r\n- Icinga 1.8.5\r\n\r\nHomepage: https://www.icinga.org/\r\n\r\nDetails:\r\na) application\r\nb) problem\r\nc) CVSS\r\nd) detailed description\r\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\r\na1) Icinga 1.9.1\r\nb1) Buffer Overflow [CVE-2013-7106]\r\nc1) 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C \r\nd1) The icinga web gui is susceptible to several buffer overflow flaws, which can be triggered as a logged on user. A remote attacker may utilize a CSRF (cross site request forgery) attack vector against a logged in user to exploit this flaw remotely. Depending on the target system, this may result in code execution and eventually full compromise of the icinga server. \r\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\r\na2) Icinga 1.9.1 [CVE-2013-7108]\r\nb2) Off-by-one memory access\r\nc2) 4.9 AV:N/AC:M/Au:S/C:P/I:N/A:P\r\nd2) The icinga and nagios web gui are susceptible to an "off-by-one read" error, which is resulting from an improper assumption in the handling of user submitted CGI parameters. To prevent buffer overflow attacks against the web gui, icinga/nagios checks for valid string length of user submitted parameters. Any parameter, which is bigger than MAX_INPUT_BUFFER-1 characters long will be discarded. However, by sending a specially crafted cgi parameter, the check routine can be forced to skip the terminating null pointer and read the heap address right after the end of the parameter list. Depending on the memory layout, this may result in a memory corruption condition/crash or reading of sensitive memory locations.\r\n\r\nDeutsche Telekom CERT\r\nLandgrabenweg 151, 53227 Bonn, Germany\r\n+49 800 DTAG CERT (Tel.)\r\nE-Mail: cert@telekom.de\r\nLife is for sharing.\r\n \r\nDeutsche Telekom AG\r\nSupervisory Board: Prof. Dr. Ulrich Lehner (Chairman)\r\nBoard of Management: Timotheus Hottges (Chairman),\r\nDr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,\r\nThomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick\r\nCommercial register: Amtsgericht Bonn HRB 6794\r\nRegistered office: Bonn\r\n \r\nBig changes start small \u2013 conserve resources by not printing every e-mail.\r\n\r\n", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30629", "title": "Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-4200", "CVE-2013-7219", "CVE-2013-6429", "CVE-2013-4152", "CVE-2014-1238", "CVE-2013-7205", "CVE-2014-0977", "CVE-2013-6430", "CVE-2013-7108"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2014-01-19T00:00:00", "published": "2014-01-19T00:00:00", "id": "SECURITYVULNS:VULN:13533", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13533", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2956-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 11, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : icinga\r\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \r\n CVE-2014-2386\r\n\r\nMultiple security issues have been found in the Icinga host and network\r\nmonitoring system (buffer overflows, cross-site request forgery, off-by\r\nones) which could result in the execution of arbitrary code, denial of\r\nservice or session hijacking.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.7.1-7.\r\n\r\nFor the testing distribution (jessie), these problems have been fixed in\r\nversion 1.11.0-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 1.11.0-1.\r\n\r\nWe recommend that you upgrade your icinga packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTmGiJAAoJEBDCk7bDfE42ht8QALgnGvSkYNUNH1hGAkLs5k8U\r\nUaclxk+kZl/m4sx1w1si/iF/XWMmq1+A3ptsByMXSq2dyrtqBP6Y9aJX0UU0Yyep\r\nFvMP1XjFY+ooVVv0Yhd5nagtCreIVj/Q/bhgIxOV6b55BJaCiuOueFpRRNVX17IL\r\npg04TDgeKmzC3Rk4FK64fvWWoj99UnQu3D2QqToeeQfArkj+6jUGCvmcPi0c95wd\r\necVZxmPaFdLkzzjLTDMN+vR4v4d5EtvGi1sLvind5ceuhzh8OMfv+j2H1Omv/w+P\r\nFz+vMwS6iUaOpVDo4e2uNMIR2Aa/pbGXDEC0kXj2eEdgOrh+2tSgeHNQ6sDcpKbW\r\nrMl2iMJC930WI4u6t0thLYTYpul53gAKpQzeK4kT/24HdpPCknqxn0pbTnMEXfZC\r\npJri0jvZtoWpMpmUXLIhpTKHreR6/v7Fz17ZshlUuJfi11e6l6y5vEFZko/5KZxD\r\nqEtfD3OeQhKO7Y55gsCf3r7SEDLSNDbfYqYn2Qv4b0QDPYjlZNZLXr2ldzHF7D2h\r\nq0ysFko6vOcgneNPCvd8joil7vgZGLSRIpgYEB9G2uBIgEaCV0/n6v5pJ5E2dyBu\r\n336ggdK9sojNvor7yzKKNs/uApD0nhR6vJS46JSVAVijIUmoLTepgEbPzdn/kGKa\r\n1MoybG+77CBL9visVFUF\r\n=155r\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-06-14T00:00:00", "published": "2014-06-14T00:00:00", "id": "SECURITYVULNS:DOC:30828", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30828", "title": "[SECURITY] [DSA 2956-1] icinga security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-3946", "CVE-2014-3781", "CVE-2014-2575", "CVE-2014-3945", "CVE-2014-2987", "CVE-2014-2303", "CVE-2014-3414", "CVE-2014-3947", "CVE-2014-2554", "CVE-2014-3948", "CVE-2014-3944", "CVE-2014-3137", "CVE-2014-3740", "CVE-2013-2251", "CVE-2014-3877", "CVE-2014-3446", "CVE-2014-3943", "CVE-2014-3941", "CVE-2014-3210", "CVE-2014-1402", "CVE-2014-0228", "CVE-2014-3415", "CVE-2014-0130", "CVE-2014-2577", "CVE-2014-3875", "CVE-2014-3942", "CVE-2014-3783", "CVE-2013-7106", "CVE-2014-2233", "CVE-2014-2843", "CVE-2014-3447", "CVE-2013-7107", "CVE-2014-3749", "CVE-2014-0081", "CVE-2014-2232", "CVE-2014-1855", "CVE-2014-1878", "CVE-2014-2302", "CVE-2014-0082", "CVE-2014-3876", "CVE-2014-2553", "CVE-2014-3782", "CVE-2014-2386", "CVE-2014-3966", "CVE-2013-5954", "CVE-2014-0107", "CVE-2014-3448", "CVE-2013-7108", "CVE-2014-2988", "CVE-2014-3445", "CVE-2014-3949"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2014-06-14T00:00:00", "published": "2014-06-14T00:00:00", "id": "SECURITYVULNS:VULN:13836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13836", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-6233", "CVE-2013-6231", "CVE-2014-2655", "CVE-2013-6429", "CVE-2012-2983", "CVE-2014-1879", "CVE-2014-1888", "CVE-2014-0053", "CVE-2014-2244", "CVE-2014-1206", "CVE-2014-1454", "CVE-2013-4152", "CVE-2014-2685", "CVE-2014-1216", "CVE-2014-2327", "CVE-2014-1224", "CVE-2014-2570", "CVE-2014-0097", "CVE-2014-2279", "CVE-2014-2332", "CVE-2014-1695", "CVE-2014-2280", "CVE-2014-2242", "CVE-2014-0054", "CVE-2012-2981", "CVE-2014-2330", "CVE-2014-2043", "CVE-2013-7106", "CVE-2012-2982", "CVE-2014-2682", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6234", "CVE-2013-4568", "CVE-2013-6472", "CVE-2013-5951", "CVE-2014-2243", "CVE-2012-4893", "CVE-2014-2035", "CVE-2014-2040", "CVE-2014-2331", "CVE-2013-7196", "CVE-2013-7195", "CVE-2013-6452", "CVE-2014-2531", "CVE-2014-2329", "CVE-2014-1471", "CVE-2014-2684", "CVE-2013-6232", "CVE-2014-2326", "CVE-2014-1904", "CVE-2013-6451", "CVE-2014-1455", "CVE-2014-2278", "CVE-2014-1223", "CVE-2014-1222", "CVE-2014-1889", "CVE-2014-1694", "CVE-2013-7108", "CVE-2014-2683", "CVE-2014-2328", "CVE-2014-2681"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:VULN:13733", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13733", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7205", "CVE-2012-6096", "CVE-2013-7108"], "description": "### Background\n\nNagios is an open source host, service and network monitoring program.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Nagios. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Nagios users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/nagios-core-3.5.1\"", "edition": 1, "modified": "2014-12-13T00:00:00", "published": "2014-12-13T00:00:00", "id": "GLSA-201412-23", "href": "https://security.gentoo.org/glsa/201412-23", "type": "gentoo", "title": "Nagios: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7205", "CVE-2012-6096", "CVE-2013-7108"], "description": "Gentoo Linux Local Security Checks GLSA 201412-23", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121309", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-23", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-23.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121309\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:14 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-23\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Nagios. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-23\");\n script_cve_id(\"CVE-2012-6096\", \"CVE-2013-7108\", \"CVE-2013-7205\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-23\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/nagios-core\", unaffected: make_list(\"ge 3.5.1\"), vulnerable: make_list(\"lt 3.5.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-08T00:00:00", "id": "OPENVAS:1361412562310843202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843202", "type": "openvas", "title": "Ubuntu Update for nagios3 USN-3253-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nagios3 USN-3253-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843202\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:04:35 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nagios3 USN-3253-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nagios3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3253-1 fixed vulnerabilities in Nagios.\n The update prevented log files from being displayed in the web interface. This\n update fixes the problem. We apologize for the inconvenience. Original advisory\n details: It was discovered that Nagios incorrectly handled certain long strings.\n A remote authenticated attacker could use this issue to cause Nagios to crash,\n resulting in a denial of service, or possibly obtain sensitive information.\n (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled\n certain long messages to cmd.cgi. A remote attacker could possibly use this\n issue to cause Nagios to crash, resulting in a denial of service.\n (CVE-2014-1878) Dawid Golunski discovered that Nagios incorrectly handled\n symlinks when accessing log files. A local attacker could possibly use this\n issue to elevate privileges. In the default installation of Ubuntu, this should\n be prevented by the Yama link restrictions. (CVE-2016-9566)\");\n script_tag(name:\"affected\", value:\"nagios3 on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3253-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3253-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1-1ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1-1ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2.1ubuntu5.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2.1ubuntu5.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2.1ubuntu3.3\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2.1ubuntu3.3\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2.1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2.1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-04-04T00:00:00", "id": "OPENVAS:1361412562310843124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843124", "type": "openvas", "title": "Ubuntu Update for nagios3 USN-3253-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nagios3 USN-3253-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843124\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-04 06:30:23 +0200 (Tue, 04 Apr 2017)\");\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nagios3 USN-3253-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nagios3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Nagios incorrectly\n handled certain long strings. A remote authenticated attacker could use this\n issue to cause Nagios to crash, resulting in a denial of service, or possibly\n obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered\n that Nagios incorrectly handled certain long messages to cmd.cgi. A remote\n attacker could possibly use this issue to cause Nagios to crash, resulting in a\n denial of service. (CVE-2014-1878) Dawid Golunski discovered that Nagios\n incorrectly handled symlinks when accessing log files. A local attacker could\n possibly use this issue to elevate privileges. In the default installation of\n Ubuntu, this should be prevented by the Yama link restrictions.\n (CVE-2016-9566)\");\n script_tag(name:\"affected\", value:\"nagios3 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3253-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3253-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2.1ubuntu3.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2.1ubuntu3.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2.1ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2.1ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:12:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9566", "CVE-2018-18245", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "Several issues were corrected in nagios3, a monitoring and management\nsystem for hosts, services and networks.\n\nCVE-2018-18245\n\nMaximilian Boehner of usd AG found a cross-site scripting (XSS)\nvulnerability in Nagios Core. This vulnerability allows attackers\nto place malicious JavaScript code into the web frontend through\nmanipulation of plugin output. In order to do this the attacker\nneeds to be able to manipulate the output returned by nagios\nchecks, e.g. by replacing a plugin on one of the monitored\nendpoints. Execution of the payload then requires that an\nauthenticated user creates an alert summary report which contains\nthe corresponding output.\n\nCVE-2016-9566\n\nIt was discovered that local users with access to an account in\nthe nagios group are able to gain root privileges via a symlink\nattack on the debug log file.\n\nCVE-2014-1878\n\nAn issue was corrected that allowed remote attackers to cause a\nstack-based buffer overflow and subsequently a denial of service\n(segmentation fault) via a long message to cmd.cgi.\n\nCVE-2013-7205, CVE-2013-7108\n\nA flaw was corrected in Nagios that could be exploited to cause a\ndenial-of-service. This vulnerability is induced due to an\noff-by-one error within the process_cgivars() function, which can\nbe exploited to cause an out-of-bounds read by sending a\nspecially-crafted key value to the Nagios web UI.", "modified": "2020-01-29T00:00:00", "published": "2018-12-28T00:00:00", "id": "OPENVAS:1361412562310891615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891615", "type": "openvas", "title": "Debian LTS: Security Advisory for nagios3 (DLA-1615-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891615\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2013-7108\", \"CVE-2013-7205\", \"CVE-2014-1878\", \"CVE-2016-9566\", \"CVE-2018-18245\");\n script_name(\"Debian LTS: Security Advisory for nagios3 (DLA-1615-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-28 00:00:00 +0100 (Fri, 28 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"nagios3 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.5.1.dfsg-2+deb8u1.\n\nWe recommend that you upgrade your nagios3 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues were corrected in nagios3, a monitoring and management\nsystem for hosts, services and networks.\n\nCVE-2018-18245\n\nMaximilian Boehner of usd AG found a cross-site scripting (XSS)\nvulnerability in Nagios Core. This vulnerability allows attackers\nto place malicious JavaScript code into the web frontend through\nmanipulation of plugin output. In order to do this the attacker\nneeds to be able to manipulate the output returned by nagios\nchecks, e.g. by replacing a plugin on one of the monitored\nendpoints. Execution of the payload then requires that an\nauthenticated user creates an alert summary report which contains\nthe corresponding output.\n\nCVE-2016-9566\n\nIt was discovered that local users with access to an account in\nthe nagios group are able to gain root privileges via a symlink\nattack on the debug log file.\n\nCVE-2014-1878\n\nAn issue was corrected that allowed remote attackers to cause a\nstack-based buffer overflow and subsequently a denial of service\n(segmentation fault) via a long message to cmd.cgi.\n\nCVE-2013-7205, CVE-2013-7108\n\nA flaw was corrected in Nagios that could be exploited to cause a\ndenial-of-service. This vulnerability is induced due to an\noff-by-one error within the process_cgivars() function, which can\nbe exploited to cause an out-of-bounds read by sending a\nspecially-crafted key value to the Nagios web UI.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3-cgi\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3-common\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3-core\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3-dbg\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nagios3-doc\", ver:\"3.5.1.dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "modified": "2017-07-10T00:00:00", "published": "2014-06-11T00:00:00", "id": "OPENVAS:702956", "href": "http://plugins.openvas.org/nasl.php?oid=702956", "type": "openvas", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702956);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "modified": "2019-03-19T00:00:00", "published": "2014-06-11T00:00:00", "id": "OPENVAS:1361412562310702956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "type": "openvas", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2956.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"icinga on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files \nfrom being displayed in the web interface. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that Nagios incorrectly handled certain long strings. A \nremote authenticated attacker could use this issue to cause Nagios to \ncrash, resulting in a denial of service, or possibly obtain sensitive \ninformation. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain long messages to \ncmd.cgi. A remote attacker could possibly use this issue to cause Nagios to \ncrash, resulting in a denial of service. (CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled symlinks when \naccessing log files. A local attacker could possibly use this issue to \nelevate privileges. In the default installation of Ubuntu, this should be \nprevented by the Yama link restrictions. (CVE-2016-9566)", "edition": 5, "modified": "2017-06-07T00:00:00", "published": "2017-06-07T00:00:00", "id": "USN-3253-2", "href": "https://ubuntu.com/security/notices/USN-3253-2", "title": "Nagios regression", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9566", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "It was discovered that Nagios incorrectly handled certain long strings. A \nremote authenticated attacker could use this issue to cause Nagios to \ncrash, resulting in a denial of service, or possibly obtain sensitive \ninformation. (CVE-2013-7108, CVE-2013-7205)\n\nIt was discovered that Nagios incorrectly handled certain long messages to \ncmd.cgi. A remote attacker could possibly use this issue to cause Nagios to \ncrash, resulting in a denial of service. (CVE-2014-1878)\n\nDawid Golunski discovered that Nagios incorrectly handled symlinks when \naccessing log files. A local attacker could possibly use this issue to \nelevate privileges. In the default installation of Ubuntu, this should be \nprevented by the Yama link restrictions. (CVE-2016-9566)", "edition": 5, "modified": "2017-04-03T00:00:00", "published": "2017-04-03T00:00:00", "id": "USN-3253-1", "href": "https://ubuntu.com/security/notices/USN-3253-1", "title": "Nagios vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:51:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9566", "CVE-2018-18245", "CVE-2014-1878", "CVE-2013-7205", "CVE-2013-7108"], "description": "Package : nagios3\nVersion : 3.5.1.dfsg-2+deb8u1\nCVE ID : CVE-2013-7108 CVE-2013-7205 CVE-2014-1878\n CVE-2016-9566 CVE-2018-18245\nDebian Bug : 771466 823721 917138\n\nSeveral issues were corrected in nagios3, a monitoring and management\nsystem for hosts, services and networks.\n\nCVE-2018-18245\n\n Maximilian Boehner of usd AG found a cross-site scripting (XSS)\n vulnerability in Nagios Core. This vulnerability allows attackers\n to place malicious JavaScript code into the web frontend through\n manipulation of plugin output. In order to do this the attacker\n needs to be able to manipulate the output returned by nagios\n checks, e.g. by replacing a plugin on one of the monitored\n endpoints. Execution of the payload then requires that an\n authenticated user creates an alert summary report which contains\n the corresponding output.\n\nCVE-2016-9566\n\n It was discovered that local users with access to an account in\n the nagios group are able to gain root privileges via a symlink\n attack on the debug log file.\n\nCVE-2014-1878\n\n An issue was corrected that allowed remote attackers to cause a\n stack-based buffer overflow and subsequently a denial of service\n (segmentation fault) via a long message to cmd.cgi.\n\nCVE-2013-7205 | CVE-2013-7108\n\n A flaw was corrected in Nagios that could be exploited to cause a\n denial-of-service. This vulnerability is induced due to an\n off-by-one error within the process_cgivars() function, which can\n be exploited to cause an out-of-bounds read by sending a\n specially-crafted key value to the Nagios web UI.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.5.1.dfsg-2+deb8u1.\n\nWe recommend that you upgrade your nagios3 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-12-24T18:11:14", "published": "2018-12-24T18:11:14", "id": "DEBIAN:DLA-1615-1:D4F7C", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201812/msg00014.html", "title": "[SECURITY] [DLA 1615-1] nagios3 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:17:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1878", "CVE-2013-7108"], "description": "Package : icinga\nVersion : 1.0.2-2+squeeze2\nCVE ID : CVE-2013-7108 CVE-2014-1878\n\nTwo fixes for the Classic UI:\n - fix off-by-one memory access in process_cgivars() (CVE-2013-7108)\n - prevent possible buffer overflows in cmd.cgi (CVE-2014-1878)\n", "edition": 7, "modified": "2014-09-24T16:15:08", "published": "2014-09-24T16:15:08", "id": "DEBIAN:DLA-60-1:5B1EB", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201409/msg00017.html", "title": "[SECURITY] [DLA 60-1] icinga security update", "type": "debian", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-08-12T01:09:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2014-06-11T14:34:43", "published": "2014-06-11T14:34:43", "id": "DEBIAN:DSA-2956-1:6D0D0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00136.html", "title": "[SECURITY] [DSA 2956-1] icinga security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-04T09:03:29", "description": "Icinga cgi/config.c process_cgivars Function Off-by-one Read Remote DoS. CVE-2013-7108. Webapps exploit for cgi platform", "published": "2013-12-16T00:00:00", "type": "exploitdb", "title": "Icinga cgi/config.c process_cgivars Function Off-by-one Read Remote DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-7108"], "modified": "2013-12-16T00:00:00", "id": "EDB-ID:38882", "href": "https://www.exploit-db.com/exploits/38882/", "sourceData": "source: http://www.securityfocus.com/bid/64363/info\r\n\r\nIcinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition.\r\n\r\nAttackers may exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users. \r\n\r\nhttp://www.example.com/cgi-bin/config.cgi?b=aaaa[..2000 times] ", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/38882/"}], "amazon": [{"lastseen": "2020-11-10T12:37:37", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4214", "CVE-2016-9566", "CVE-2014-5009", "CVE-2008-4796", "CVE-2008-7313", "CVE-2014-1878", "CVE-2013-7205", "CVE-2014-5008", "CVE-2013-7108"], "description": "**Issue Overview:**\n\nMultiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.\n\nStack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.\n\nVarious command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.\n\nA privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the \"nagios\" user/group) could use this flaw to elevate their privileges to root.\n\nOff-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.\n\nrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.\n\nThe _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.\n\n \n**Affected Packages:** \n\n\nnagios\n\n \n**Issue Correction:** \nRun _yum update nagios_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nagios-devel-3.5.1-2.10.amzn1.i686 \n nagios-common-3.5.1-2.10.amzn1.i686 \n nagios-debuginfo-3.5.1-2.10.amzn1.i686 \n nagios-3.5.1-2.10.amzn1.i686 \n \n src: \n nagios-3.5.1-2.10.amzn1.src \n \n x86_64: \n nagios-3.5.1-2.10.amzn1.x86_64 \n nagios-common-3.5.1-2.10.amzn1.x86_64 \n nagios-debuginfo-3.5.1-2.10.amzn1.x86_64 \n nagios-devel-3.5.1-2.10.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2017-10-03T11:00:00", "published": "2017-10-03T11:00:00", "id": "ALAS-2017-899", "href": "https://alas.aws.amazon.com/ALAS-2017-899.html", "title": "Important: nagios", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
