MagpieRSS, as used in the front-end component in Nagios Core prior to 4.2.2, might allow remote malicious users to read or write arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
Nagios Core has been updated to take care of two critical vulnerabilities that can be chained together to attack servers hosting the open source IT infrastructure monitoring software.
The flaws were privately disclosed by researcher Dawid Golunski of Legal Hackers, who said the vulnerabilities can be exploited to elevate privileges to root and gain remote code execution.
Users should upgrade to Nagios Core 4.2.4; previous versions are vulnerable.
Golunski said in an advisory tha...