| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Nov 2012 10:25:45 +0000 From: NCC Group Research <research@...group.com> To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com> Subject: NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection ======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton <daniel.compton@...secure.com> Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine ======== Discovered: 30 January 2012 Released: 31 January 2012 Approved: 31 January 2012 Reported: 31 January 2012 Fixed: 23 May 2012 Published: 30 November 2012 =========== Description =========== Nagios XI Network Monitor 2011R1.9 - OS Command Injection/Execution within the administrator/monitoring interface. This is a commertical product for monitoring severs and network monitoring equipment. I. VULNERABILITY ------------------------- Nagios XI Network Monitor 2011R1.9 suffers from OS command injection in several pages and parameters. This is exploitable as an authenticated user. II. BACKGROUND ------------------------- Nagios provide enterprise level network and server monitor software. http://www.nagios.com/ III. DESCRIPTION ------------------------- OS command injection has been found and exploited/confirmed within the software as an authenticated user. This is the latest version of Nagios XI. ================= Technical Details ================= IV. PROOF OF CONCEPT ------------------------- The following URL and parameters have been confirmed to all suffer from OS command injection. /nagiosxi/includes/components/graphexplorer/visApi.php (GET parameters: host, service, opt, end, start) URL: http://192.168.1.121/nagiosxi/includes/components/graphexplorer/visApi.php?type=stack&host=localhost`cat%20/etc/passwd%20>%20/tmp/passwd.txt`&service=Swap_Usage&div=visContainer1566841654&opt=days Result: creates a new file with /etc/passwd contents. =============== Fix Information =============== Resolved in SVN 1.3 of Graph Explorer http://exchange.nagios.org/directory/Addons/Components/Graph-Explorer-Component/details CHANGES: 1.3 05/23/2012 ======================== - Fixed shell vulnerabilities (reported by Daniel Compton from NGS Secure) NCC Group Research http://www.nccgroup.com/research For more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br> This email message has been delivered safely and archived online by Mimecast. </a>
Powered by blists - more mailing lists