漏洞类别:General remote services
漏洞等级: 
漏洞信息
Nagios Core is a free and open source computer-software application that monitors systems, networks and infrastructure.
The vulnerability is caused by the implementation of a vulnerable component for handling RSS news feeds - MagpieRSS in Nagios Core. The affected component is used by Nagios front-end to load news feeds from remote feed source upon log-in. The component was found vulnerable to CVE-2008-4796, for which a fix was incomplete.
Affected Versions:
Nagios versions prior to 4.2.2
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to inject malicious parameters to curl command and read/write arbitrary files on the target Nagios server, which may lead to arbitrary code execution.
解决方案
Customers are advised to upgrade to Nagios 4.2.2 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论