Vulnerability Details : CVE-2012-6096
Public exploit exists!
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2012-6096
Probability of exploitation activity in the next 30 days: 96.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2012-6096
- Nagios3 history.cgi Host Command Execution
  Disclosure Date: 2012-12-09
  First seen: 2020-04-26
  exploit/unix/webapp/nagios3_history_cgi
  This module abuses a command injection vulnerability in the Nagios3 history.cgi script.
  Authors: Unknown <temp66@gmail.com>, blasty <blasty@fail0verflow.com>, Jose Selvi <jselvi@pentester.es>, Daniele Martini <cyrax@pkcrew.org>
CVSS scores for CVE-2012-6096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2012-6096
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6096
- http://www.debian.org/security/2013/dsa-2616
  Debian -- Security Information -- DSA-2616-1 nagios3
- https://dev.icinga.org/issues/3532
  (Vendor Advisory)
- http://www.securityfocus.com/bid/56879
  Nagios Core 'get_history()' Function Stack Based Buffer Overflow Vulnerability (Exploit)
- https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html
  openSUSE-SU-2013:0188-1: moderate: update for nagios
- http://www.debian.org/security/2013/dsa-2653
  Debian -- Security Information -- DSA-2653-1 icinga
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html
  openSUSE-SU-2013:0206-1: moderate: update for icinga
- http://www.nagios.org/projects/nagioscore/history/core-3x
  Nagios Core 3.x Version History - Nagios
- http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html
  [Full-Disclosure] Mailing List Charter
- http://www.exploit-db.com/exploits/24084
  Nagios3 - 'history.cgi' Remote Command Execution - Multiple remote Exploit (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=893269
  893269 – (CVE-2012-6096) CVE-2012-6096 nagios: stack-based buffer overflow in history.cgi
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html
  openSUSE-SU-2013:0140-1: moderate: update for nagios
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html
  openSUSE-SU-2013:0169-1: moderate: update for icinga
- http://www.exploit-db.com/exploits/24159
  Nagios3 - 'history.cgi' Host Command Execution (Metasploit) - Linux remote Exploit (Exploit)
Products affected by CVE-2012-6096
- cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*