Vulnerabilities > CVE-2018-13457 - NULL Pointer Dereference vulnerability in Nagios Core
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Nagios Core 4.4.1 - Denial of Service. CVE-2018-13441,CVE-2018-13457,CVE-2018-13458. Dos exploit for Linux platform |
| file | exploits/linux/dos/45082.txt |
| id | EDB-ID:45082 |
| last seen | 2018-07-24 |
| modified | 2018-07-24 |
| platform | linux |
| port | |
| published | 2018-07-24 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45082/ |
| title | Nagios Core 4.4.1 - Denial of Service |
| type | dos |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-0B44528FF1.NASL description Incorporate many fixes from Justin Paulsen <[email protected]> THANKS!!! ---- Updates to nagios-4.4.2 which is a major update. Fixes CVE last seen 2020-06-01 modified 2020-06-02 plugin id 121442 published 2019-01-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121442 title Fedora 28 : nagios (2019-0b44528ff1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-0b44528ff1. # include("compat.inc"); if (description) { script_id(121442); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:09"); script_cve_id("CVE-2016-8641", "CVE-2018-13441", "CVE-2018-13457", "CVE-2018-13458", "CVE-2018-18245"); script_xref(name:"FEDORA", value:"2019-0b44528ff1"); script_name(english:"Fedora 28 : nagios (2019-0b44528ff1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Incorporate many fixes from Justin Paulsen <[email protected]> THANKS!!! ---- Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441 CVE-2016-8641 ---- Remove section which unset nagios Fix BZ#1568273 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b44528ff1" ); script_set_attribute( attribute:"solution", value:"Update the affected nagios package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nagios"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"nagios-4.4.3-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagios"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-500.NASL description This update for nagios to version 4.4.5 fixes the following issues : - CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309) - CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832) - CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service vulnerabilities caused by NULL pointer dereference (boo#1101293, boo#1101289, boo#1101290). last seen 2020-04-17 modified 2020-04-14 plugin id 135448 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135448 title openSUSE Security Update : nagios (openSUSE-2020-500) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-500. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(135448); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/16"); script_cve_id("CVE-2018-13441", "CVE-2018-13457", "CVE-2018-13458", "CVE-2018-18245", "CVE-2019-3698"); script_name(english:"openSUSE Security Update : nagios (openSUSE-2020-500)"); script_summary(english:"Check for the openSUSE-2020-500 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for nagios to version 4.4.5 fixes the following issues : - CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309) - CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832) - CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service vulnerabilities caused by NULL pointer dereference (boo#1101293, boo#1101289, boo#1101290)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028975" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156309" ); script_set_attribute( attribute:"solution", value:"Update the affected nagios packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-theme-exfoliation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-www"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-www-dch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-www-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"nagios-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-contrib-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-debuginfo-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-debugsource-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-devel-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-theme-exfoliation-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-www-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-www-dch-4.4.5-lp151.5.4.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"nagios-www-debuginfo-4.4.5-lp151.5.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagios / nagios-contrib / nagios-debuginfo / nagios-debugsource / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-376ECC221C.NASL description Incorporate many fixes from Justin Paulsen <[email protected]> THANKS!!! ---- Updates to nagios-4.4.2 which is a major update. Fixes CVE last seen 2020-06-01 modified 2020-06-02 plugin id 121443 published 2019-01-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121443 title Fedora 29 : nagios (2019-376ecc221c) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-376ecc221c. # include("compat.inc"); if (description) { script_id(121443); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2016-8641", "CVE-2018-13441", "CVE-2018-13457", "CVE-2018-13458", "CVE-2018-18245"); script_xref(name:"FEDORA", value:"2019-376ecc221c"); script_name(english:"Fedora 29 : nagios (2019-376ecc221c)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Incorporate many fixes from Justin Paulsen <[email protected]> THANKS!!! ---- Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441 CVE-2016-8641 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-376ecc221c" ); script_set_attribute( attribute:"solution", value:"Update the affected nagios package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nagios"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"nagios-4.4.3-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagios"); }
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148681/nagioscore-dos.txt |
| id | PACKETSTORM:148681 |
| last seen | 2018-07-31 |
| published | 2018-07-25 |
| reporter | Fakhri Zulkifli |
| source | https://packetstormsecurity.com/files/148681/Nagios-Core-4.4.1-Local-Denial-Of-Service.html |
| title | Nagios Core 4.4.1 Local Denial Of Service |
References
- https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab
- https://www.exploit-db.com/exploits/45082/
- https://knowledge.opsview.com/v5.4/docs/whats-new
- https://knowledge.opsview.com/v5.3/docs/whats-new
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html