
CVE-2016-9565

Published: 15/12/2016 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

MagpieRSS, as used in the front-end component in Nagios Core prior to 4.2.2, might allow remote malicious users to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.

Vulnerable Product

nagios nagios

Vendor Advisories

Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system ...

Exploits

#!/usr/bin/env python # Source: legalhackerscom/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796html intro = """\033[94m Nagios Core < 420 Curl Command Injection / Code Execution PoC Exploit CVE-2016-9565 nagios_cmd_injectionpy ver 10 Discovered & Coded by: Dawid Golunski legalhackerscom \033[0m ...

Mailing Lists

Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution ...

Github Repositories

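Implementations of some vulnerabilities in nagios, zabbix, solr and other platforms

Implementations of some vulnerabilities in nagios, zabbix, solr and other platforms: Nagios core (CVE-2016-9565), Apache Solr XXE (CVE-2017-12629), Apache Solr RCE (CVE-2017-12629), Zabbix RCE (CVE-2017-2824), Zabbix 20 SQL Injection. Vulnerability environment setup, analysis and exploit

Red Team Operations Handbook

Red Team Field Manual. Statement. Author: By klion. Date: 2020215. Message: may every remaining day of 2020 be safe and well. Why this is shared: first, it aims to give both the "attack" and the "defense" side a more comprehensive and practical reference. As the old saying goes, "if you do not know the attack, how can you know the defense"; anyone who talks only about "attack" or only about "defense" is not being serious; be capable of both attack and defense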

Recent Articles

Nagios Core Patches Root, RCE Vulnerabilities
Threatpost • Michael Mimoso • 16 Dec 2016

Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software.
The flaws were privately disclosed by researcher Dawid Golunski of Legal Hackers, who said the vulnerabilities can be exploited to elevate privileges to root and gain remote code execution.
Users should upgrade to Nagios Core 4.2.4; previous versions are vulnerable.
Golunski said in an advisory tha...