CVE-2016-9565

2016-12-16T10:17:33
ID RH:CVE-2016-9565
Type redhatcve
Reporter redhat.com
Modified 2021-05-29T21:44:34

Description

It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.

Mitigation

#!/bin/bash

# Rename the RSS include directory and the two feed pages so the affected PHP code is no longer executed.
mv /usr/share/nagios/html/includes/rss /usr/share/nagios/html/includes/rss.disarmed
mv /usr/share/nagios/html/rss-corefeed.php /usr/share/nagios/html/rss-corefeed.php.disarmed
mv /usr/share/nagios/html/rss-newsfeed.php /usr/share/nagios/html/rss-newsfeed.php.disarmed

This should disable RSS in the Nagios installation and stop the affected PHP code from being executed. The only downside is that the news widget won't fetch any data from the nagios.org RSS feeds.
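
To confirm the mitigation is in place on a host, the following added example (not part of the Red Hat advisory) reports the state of each of the three paths. The variable name `NAGIOS_HTML` and the function names are assumptions made for this example; the default directory is the one used above.

```bash
#!/bin/bash
# Added example (not from the advisory): audit the three paths the mitigation renames.
# NAGIOS_HTML is an assumed variable name; the default is the directory used on this page.

RSS_PATHS="includes/rss rss-corefeed.php rss-newsfeed.php"

# Print one line per path: ACTIVE (still in place), DISARMED (renamed) or ABSENT.
rss_path_status() {
    for rel in $RSS_PATHS; do
        if [ -e "$1/$rel" ]; then
            echo "ACTIVE   $1/$rel"
        elif [ -e "$1/$rel.disarmed" ]; then
            echo "DISARMED $1/$rel"
        else
            echo "ABSENT   $1/$rel"
        fi
    done
}

# Return 0 if no RSS path is still in place, 1 if any is,
# 2 if the html directory itself is missing (wrong path, nothing to judge).
rss_mitigated() {
    if [ ! -d "$1" ]; then
        return 2
    fi
    for rel in $RSS_PATHS; do
        if [ -e "$1/$rel" ]; then
            return 1
        fi
    done
    return 0
}

html_dir=${NAGIOS_HTML:-/usr/share/nagios/html}
rss_path_status "$html_dir"
rss_mitigated "$html_dir" || echo "RSS components not confirmed disabled in $html_dir"
```

Rerun the check after Nagios package updates, which can put the original files back at their old paths.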