'Re: [oss-security] Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2016-12-21 22:30:15
Message-ID: 20161221233015.27a0038d () redhat ! com
[Download RAW message or body]

On Tue, 20 Dec 2016 17:12:58 -0200 Dawid Golunski wrote:

> Vulnerability:
> Nagios Core < 4.2.2  Curl Command Injection / Remote Code Execution

Your report should mention that this issue was in Snoopy:

https://sourceforge.net/projects/snoopy/

which was embedded in MagpieRSS, which was embedded in Nagios.

> CVE-2016-9565

It's the same issue as CVE-2014-5008:

http://seclists.org/oss-sec/2014/q3/176

-- 
Tomas Hoger / Red Hat Product Security
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic