Name | CVE-2016-9565 |
Description | MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-751-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
nagios3 (PTS) | jessie, jessie (lts) | 3.5.1.dfsg-2+deb8u1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
nagios3 | source | wheezy | 3.4.1-3+deb7u3 | | DLA-751-1 | |
nagios3 | source | (unstable) | 3.5.1-1 | | | |
Notes
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
function was removed.
The scope of the CVE is specific to Nagios.
impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable