Univention Bugzilla – Bug 48407
nagios3: Multiple issues (4.2)
Last modified: 2019-01-09 14:16:44 CET
New Debian nagios3 3.5.1.dfsg-2+deb8u1 fixes: This update addresses the following issues: * denial of service due to off-by-one flaw in process_cgivars() (CVE-2013-7108) * denial of service due to off-by-one flaw in process_cgivars() (CVE-2013-7205) * possible buffer overflows in cmd.cgi (CVE-2014-1878) * Privilege escalation issue (CVE-2016-9566) * Stored XSS via Plugin Output (CVE-2018-18245)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/nagios3_3.5.1.dfsg-2.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/nagios3_3.5.1.dfsg-2+deb8u1.dsc @@ -1,3 +1,31 @@ +3.5.1.dfsg-2+deb8u1 [Mon, 24 Dec 2018 16:23:03 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix the following security vulnerabilities: + - CVE-2018-18245: + Maximilian Boehner of usd AG found a cross-site scripting (XSS) + vulnerability in Nagios Core. This vulnerability allows attackers to + place malicious JavaScript code into the web frontend through + manipulation of plugin output. In order to do this the attacker needs to + be able to manipulate the output returned by nagios checks, e.g. by + replacing a plugin on one of the monitored endpoints. Execution of the + payload then requires that an authenticated user creates an alert summary + report which contains the corresponding output. + - CVE-2016-9566: + It was discovered that local users with access to an account in the + nagios group are able to gain root privileges via a symlink attack on the + debug log file. + - CVE-2014-1878: + An issue was corrected that allowed remote attackers to cause a + stack-based buffer overflow and subsequently a denial of service + (segmentation fault) via a long message to cmd.cgi. + - CVE-2013-7205 | CVE-2013-7108: + A flaw was corrected in Nagios that could be exploited to cause a + denial-of-service. This vulnerability is induced due to an off-by-one + error within the process_cgivars() function, which can be exploited to + cause an out-of-bounds read by sending a specially-crafted key value to + the Nagios web UI. + 3.5.1.dfsg-2 [Sun, 05 Oct 2014 11:53:19 +0200] Alexander Wirt <formorer@debian.org>: * [a72437b] Make apache.conf compatible with apache 2.4.10 (Closes: #762096) <http://10.200.17.11/4.2-5/#5727988969950276773>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts > INFO: Warning: Package purging left files on system: > INFO: After purging files have disappeared: [4.2-5] 31b82d8a9a Bug #48407: nagios3 3.5.1.dfsg-2+deb8u1 doc/errata/staging/nagios3.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) [4.2-5] a2d74cba91 Bug #48407: nagios3 3.5.1.dfsg-2+deb8u1 doc/errata/staging/nagios3.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
<http://errata.software-univention.de/ucs/4.2/573.html>