Vulnerability Details : CVE-2012-6096
Public exploit exists!
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2012-6096
- cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6096
- EPSS score: 78.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2012-6096
- Nagios3 history.cgi Host Command Execution
  - Disclosure Date: 2012-12-09
  - First seen: 2020-04-26
  - Module: exploit/unix/webapp/nagios3_history_cgi
  - Description: This module abuses a command injection vulnerability in the Nagios3 history.cgi script.
  - Authors: Unknown <temp66@gmail.com>, blasty <blasty@fail0verflow.com>, Jose Selvi <jselvi@pentester.es>, Daniele Martini <cyrax@pkcrew.org>
CVSS scores for CVE-2012-6096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2012-6096
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6096
- http://www.debian.org/security/2013/dsa-2616
  Debian -- Security Information -- DSA-2616-1 nagios3
- https://dev.icinga.org/issues/3532
  Vendor Advisory
- http://www.securityfocus.com/bid/56879
  Nagios Core 'get_history()' Function Stack Based Buffer Overflow Vulnerability (Exploit)
- https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html
  openSUSE-SU-2013:0188-1: moderate: update for nagios
- http://www.debian.org/security/2013/dsa-2653
  Debian -- Security Information -- DSA-2653-1 icinga
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html
  openSUSE-SU-2013:0206-1: moderate: update for icinga
- http://www.nagios.org/projects/nagioscore/history/core-3x
  Nagios Core 3.x Version History - Nagios
- http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html
  [Full-Disclosure] Mailing List Charter
- http://www.exploit-db.com/exploits/24084
  Nagios3 - 'history.cgi' Remote Command Execution - Multiple remote Exploit (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=893269
  893269 – (CVE-2012-6096) CVE-2012-6096 nagios: stack-based buffer overflow in history.cgi
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html
  openSUSE-SU-2013:0140-1: moderate: update for nagios
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html
  openSUSE-SU-2013:0169-1: moderate: update for icinga
- http://www.exploit-db.com/exploits/24159
  Nagios3 - 'history.cgi' Host Command Execution (Metasploit) - Linux remote Exploit (Exploit)