CVE-2016-9565
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
Find out more about CVE-2016-9565 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
CVSS v3 metrics
| CVSS3 Base Score | 8.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (nagios) | RHSA-2017:0211 | 2017-01-31 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (nagios) | RHSA-2017:0213 | 2017-01-31 |
| Red Hat Gluster Storage Server 3.1 on RHEL-7 (nagios) | RHSA-2017:0258 | 2017-02-07 |
| Red Hat Gluster Storage Nagios 3.1 on RHEL-6 (nagios) | RHSA-2017:0259 | 2017-02-07 |
| Red Hat Gluster Storage Server 3.1 on RHEL-6 (nagios) | RHSA-2017:0259 | 2017-02-07 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (nagios) | RHSA-2017:0212 | 2017-01-31 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (nagios) | RHSA-2017:0214 | 2017-01-31 |
| Red Hat Gluster Storage Nagios 3.1 on RHEL-7 (nagios) | RHSA-2017:0258 | 2017-02-07 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 9.0 | nagios | Not affected |
| Red Hat OpenStack Platform 8.0 (Liberty) | nagios | Not affected |
| Red Hat OpenStack Platform 10 | nagios | Not affected |
| Red Hat Mobile Application Platform On-Premise 4 | nagios | Will not fix |
Mitigation
#!/bin/bash
mv /usr/share/nagios/html/includes/rss /usr/share/nagios/html/includes/rss.disarmed
mv /usr/share/nagios/html/rss-corefeed.php /usr/share/nagios/html/rss-corefeed.php.disarmed
mv /usr/share/nagios/html/rss-newsfeed.php /usr/share/nagios/html/rss-newsfeed.php.disarmed
This should disable rss from nagios installation and stop affected php code from being executed. Only downside to this would be news widget wont fetch any data from nagios.org rss feeds.