Bug 1121497 (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)
| Summary: | CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aavati, abaron, affix, aortega, apevec, ayoung, chrisw, dallan, david, extras-orphan, gkotton, gmollett, jose.p.oliveira.oss, lemenkov, lhh, linux, lpeer, markmc, mmagr, nlevinki, ondrejj, poelstra, rbryant, rfortier, rhs-bugs, sclewis, shawn.starr, slong, smohan, ssaha, s, tsuter, vbellur, yeylon |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-01-31 22:35:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1121499, 1121500, 1121501, 1121502, 1121503, 1413480, 1413481, 1413482, 1413483 | ||
| Bug Blocks: | 1121504 | ||
|
Description
Murray McAllister
2014-07-21 06:11:00 UTC
> This was fixed with the following: > > http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class. > php?view=log#rev1.29 and further corrected in the subsequent commits > > And assigned CVE-2014-5009 (as an incomplete fix for CVE-2014-5008). Created sahana tracking bugs for this issue: Affects: fedora-all [bug 1121501] Affects: epel-5 [bug 1121502] Created wordpress-mu tracking bugs for this issue: Affects: epel-5 [bug 1121503] Created nagios tracking bugs for this issue: Affects: fedora-all [bug 1121499] Affects: epel-all [bug 1121500] Nagios as included in storage and openstack does not appear to expose the vulnerable code.
There is example code in the nagios src package that is vulnerable but it is not included in the built packages.
There is only 2 places that the vulnerable code is reached in nagios:
1. rss-corefeed.php:
18 function do_corefeed_html() {
19
20 $url="http://www.nagios.org/backend/feeds/corepromo";
21 $rss=fetch_rss($url);
2. rss-newsfeed.php:
16 function do_newsfeed_html() {
17
18 $url="http://www.nagios.org/backend/feeds/frontpage/";
19 $rss=fetch_rss($url);
Neither of these accept anything but static input.
This is now being fixed; reopening. This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0214 https://rhn.redhat.com/errata/RHSA-2017-0214.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:0213 https://rhn.redhat.com/errata/RHSA-2017-0213.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:0212 https://rhn.redhat.com/errata/RHSA-2017-0212.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2017:0211 https://rhn.redhat.com/errata/RHSA-2017-0211.html |