7.5
CVSSv2

CVE-2012-6096

Published: 22/01/2013 Updated: 05/06/2013
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core prior to 3.4.4, and Icinga 1.6.x prior to 1.6.2, 1.7.x prior to 1.7.4, and 1.8.x prior to 1.8.4, might allow remote malicious users to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

Vulnerable Product Search on Vulmon Subscribe to Product

nagios nagios 3.0

nagios nagios 3.1.2

nagios nagios 3.2.2

nagios nagios 3.2.0

nagios nagios 3.1.1

nagios nagios 3.0.6

nagios nagios 3.0.1

nagios nagios 3.4.1

nagios nagios 3.0.2

nagios nagios 3.1.0

nagios nagios 3.4.2

nagios nagios 3.0.4

nagios nagios 3.2.1

nagios nagios

nagios nagios 3.0.3

nagios nagios 3.2.3

nagios nagios 3.3.1

nagios nagios 3.0.5

nagios nagios 3.4.0

icinga icinga 1.6.1

icinga icinga 1.7.0

icinga icinga 1.8.2

icinga icinga 1.8.0

icinga icinga 1.7.2

icinga icinga 1.7.3

icinga icinga 1.8.3

icinga icinga 1.8.1

icinga icinga 1.6.0

icinga icinga 1.7.1

Vendor Advisories

Debian Bug report logs - #697930 nagios3: CVE-2012-6096 Package: nagios3; Maintainer for nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for nagios3 is src:nagios3 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 11 Jan 2013 13:57:04 UTC S ...
It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the historycgi CGI program For the stable distribution (squeeze), this problem has been fixed in version 102-2+squeeze1 For the testing distribution (wheezy), this problem has been fixed in version 171-5 For the unstable distribution (s ...

Exploits

Nagios version 3x suffers from a remote command execution vulnerability in historycgi ...
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking include Ms ...
#!/usr/bin/python # # CVE-2012-6096 - Nagios historycgi Remote Command Execution # =========================================================== # Another year, another reincarnation of classic and trivial # bugs to exploit This time we attack Nagios or more # specifically, one of its CGI scripts [1] # # The Nagios code is an amazing monster I ...