CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Percentile: 99.6%
Added: 01/28/2013
CVE: CVE-2012-6096
BID: 56879
OSVDB: 88322
Nagios is a network host and service monitoring and management system.
The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary code on the target system under the context of the Nagios webserver process.
Upgrade to Nagios 3.4.4 or later.
<http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html>
<https://dev.icinga.org/issues/3532>
<https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/>
This exploit has been tested against Nagios Enterprises Nagios 3.4.3 on CentOS 6 (Exec-Shield Enabled).
This exploit creates an executable file at /tmp/x, which should be manually removed after successful exploitation. As a result, this exploit also requires /tmp to be mounted without the noexec flag.
This exploit requires the base64 utility to be installed on the system.
Linux
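The conditions stated above (fixed in Nagios 3.4.4, /tmp mounted without noexec, a leftover /tmp/x) can be checked on a monitoring host with a short shell audit. This is an added example, not part of the original advisory or of Nagios. The function names are hypothetical, the installed version is supplied by the operator, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: inputs are passed in as arguments; the demo data at the bottom is constructed.

FIXED_VERSION="3.4.4"   # "Upgrade to Nagios 3.4.4 or later" (from the advisory)

# Succeeds when dotted numeric version $1 >= $2 (suffixes such as "rc1" unsupported).
version_at_least() {
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        h=${h:-0}; w=${w:-0}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# Succeeds when /tmp is noexec. $1 is a /proc/mounts-format file; without a /tmp mount, / applies.
tmp_is_noexec() {
    tmp_opts= root_opts=
    while read -r _dev mnt _type opts _rest; do
        case $mnt in
            /tmp) tmp_opts=$opts ;;
            /)    root_opts=$opts ;;
        esac
    done < "$1"
    case ",${tmp_opts:-$root_opts}," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# $1 = installed version, $2 = mounts file, $3 = artifact path. One finding per line; returns 1 if any.
audit() {
    found=0
    version_at_least "$1" "$FIXED_VERSION" || { echo "VULNERABLE: Nagios $1 is older than $FIXED_VERSION"; found=1; }
    tmp_is_noexec "$2" || { echo "WEAK: /tmp is mounted without noexec"; found=1; }
    [ ! -e "$3" ] || { echo "INVESTIGATE: $3 exists"; found=1; }
    return "$found"
}

# Demo on constructed data (not a real host).
demo_mounts=$(mktemp)
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' 'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' > "$demo_mounts"
audit "3.4.3" "$demo_mounts" "/tmp/x" || true
rm -f "$demo_mounts"
```

On a live host, pass the installed Nagios version and /proc/mounts as the first two arguments to audit.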