Description
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
Mitigation
```bash
#!/bin/bash
# Rename the bundled MagpieRSS library and the two RSS feed pages so that
# the affected PHP code can no longer be reached through the Nagios web interface.
mv /usr/share/nagios/html/includes/rss /usr/share/nagios/html/includes/rss.disarmed
mv /usr/share/nagios/html/rss-corefeed.php /usr/share/nagios/html/rss-corefeed.php.disarmed
mv /usr/share/nagios/html/rss-newsfeed.php /usr/share/nagios/html/rss-newsfeed.php.disarmed
```

This should disable RSS in the Nagios installation and stop the affected PHP code from being executed. The only downside is that the news widget won't fetch any data from the nagios.org RSS feeds.
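To verify that the workaround has actually been applied on a host, the following check (an added example, not part of the advisory) reports each of the three RSS components as still active, disarmed, or absent, and exits non-zero while any of them is still in place. The Nagios html directory is passed as an argument; the default `/usr/share/nagios/html` path is the one the advisory uses.

```bash
#!/bin/bash
# Added example: audit a Nagios html directory for the RSS components that the
# workaround above renames. Exit status 0 = all disarmed or absent, 1 = at
# least one component is still active. Usage: nagios_rss_status [html_dir]
nagios_rss_status() {
    html_dir="${1:-/usr/share/nagios/html}"
    active=0
    # Same three paths as the mitigation script, relative to html_dir.
    for item in includes/rss rss-corefeed.php rss-newsfeed.php; do
        if [ -e "$html_dir/$item" ]; then
            echo "ACTIVE:   $html_dir/$item"
            active=1
        elif [ -e "$html_dir/$item.disarmed" ]; then
            echo "DISARMED: $html_dir/$item.disarmed"
        else
            echo "ABSENT:   $html_dir/$item"
        fi
    done
    return "$active"
}
```

Run it before and after applying the workaround; a clean result lists only DISARMED or ABSENT entries.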
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nagios | Will not fix | | |
| Red Hat OpenStack Platform 10 (Newton) | nagios | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | nagios | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) | nagios | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | nagios | Fixed | RHSA-2017:0212 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | nagios | Fixed | RHSA-2017:0211 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | nagios | Fixed | RHSA-2017:0213 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | nagios | Fixed | RHSA-2017:0214 | 31.01.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | nagios | Fixed | RHSA-2017:0259 | 07.02.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | nagios | Fixed | RHSA-2017:0258 | 07.02.2017 |
Additional information
Status:
EPSS
CVSS3: 8.1 High
CVSS2: 6.8 Medium