Amazon Linux AMI : nagios (ALAS-2017-899)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,
and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2
allow remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list to the process_cgivars
function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5)
histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9)
statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers
a heap-based buffer over-read.

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before
1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote
attackers to cause a denial of service (segmentation fault) via a long
message to cmd.cgi.

Various command-execution flaws were found in the Snoopy library
included with Nagios. These flaws allowed remote attackers to execute
arbitrary commands by manipulating Nagios HTTP headers.

A privilege escalation flaw was found in the way Nagios handled log
files. An attacker able to control the Nagios logging configuration
(the 'nagios' user/group) could use this flaw to elevate their
privileges to root.

Off-by-one error in the process_cgivars function in
contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows
remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list, which triggers a
heap-based buffer over-read.

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when
MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary
files via a symlink attack on /tmp/magpie_cache.

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara,
(4) mediamate, (5) opendb, (6) pixelpost, and possibly other products,
allows remote attackers to execute arbitrary commands via shell
metacharacters in https URLs.

See also :

https://alas.aws.amazon.com/ALAS-2017-899.html

Solution :

Run 'yum update nagios' to update your system.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 103651 ()

Bugtraq ID:

CVE ID: CVE-2008-4796
CVE-2008-7313
CVE-2013-4214
CVE-2013-7108
CVE-2013-7205
CVE-2014-1878
CVE-2014-5008
CVE-2014-5009
CVE-2016-9566

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now