Nagios is a network host and service monitoring and management system.
history.cgi script is vulnerable to a stack overflow when parsing the
host parameter. This may allow an attacker to execute arbitrary code on the target system under the context of the Nagios webserver process.
Upgrade to Nagios 3.4.4 or later.
This exploit has been tested against Nagios Enterprises Nagios 3.4.3 on CentOS 6 (Exec-Shield Enabled).
This exploit creates an executable file in /tmp/x which should be manually removed after successful exploitation. As such, this exploit also requires /tmp to be mounted without the
This exploit requires the
base64 utility to be installed on the system.