Debian: Security Advisory (DLA-751-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2017-0045)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: A vulnerability in nagios affects PowerKVM

Summary PowerKVM is affected by a vulnerability in nagios. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-9565 DESCRIPTION: Nagios Core could allow a remote attacker to execute arbitrary command on the system, caused by an error in the RSS feed reader component. B...

Important: Red Hat Security Advisory: nagios security update

An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: nagios security update

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: nagios security update

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Debian DLA-751-1 : nagios3 security update

Nagios was found to be vulnerable to two security issues that, when combined, lead to a remote root code execution vulnerability. Fortunately, the hardened permissions of the Debian package limit the effect of those to information disclosure, but privilege escalation to root is still possible...

[SECURITY] [DLA 751-1] nagios3 security update

Package : nagios3 Version : 3.4.1-3+deb7u3 CVE ID : CVE-2016-9565 CVE-2016-9566 Nagios was found to be vulnerable to two security issues that, when combined, lead to a remote root code execution vulnerability. Fortunately, the hardened permissions of the Debian package limit the effect of those t...

The Nagios Core code execution vulnerability, CVE-2016-9565 analysis-vulnerability warning-the black bar safety net

Author: p0wd3r, dawu know Chong Yu 404 security lab Date: 2016-12-15 0x00 vulnerability overview 1. Vulnerability description Nagios is a monitoring of the IT infrastructure program, recently security researchers Dawid Golunski found in Nagios Core there is a code execution vulnerability: an...

Nagios 4.2.2 - Arbitrary Code Execution Exploit

Exploit for linux platform in category remote exploits ''' Source: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com -...

CVE-2016-9565

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796...

CVE-2016-9566

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

CVE-2016-9566

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

CVE-2016-9565

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796...

Design/Logic Flaw

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

CVE-2016-9565

CVE-2016-9565 affects Nagios Core before 4.2.2 via MagpieRSS in the front-end component, allowing remote attackers to read or write arbitrary files by spoofing a crafted response from the Nagios RSS feed server; this follows an incomplete fix for CVE-2008-4796. Connected advisories indicate multi...

CVE-2016-9566

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

EUVD-2016-10372

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

CVE-2016-9566

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565...

Nagios 4.2.2 - Arbitrary Code Execution

Nagios 4.2.2 - Arbitrary Code Execution !/usr/bin/env python Source: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html intro = """\03394m Nagios Core 4.2.0 Curl Command Injection / Code Execution PoC Exploit CVE-2016-9565 nagioscmdinjection.py ver...