Bug 709871 (CVE-2011-2179) - CVE-2011-2179 nagios: XSS in configuration command expansion
Summary: CVE-2011-2179 nagios: XSS in configuration command expansion
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2179
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 690880 709874
Blocks: 734555
TreeView+ depends on / blocked
 
Reported: 2011-06-01 20:14 UTC by Vincent Danen
Modified: 2021-10-19 21:49 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-19 21:49:06 UTC


Attachments (Terms of Use)

Description Vincent Danen 2011-06-01 20:14:46 UTC
It was reported [1],[2] that an XSS vulnerability exists in Nagios when viewing the configuration and using command expansion, as there is no input validation for "expand" in config.c(gi):

View Config -> Command Expansion -> To expand -> <script>alert(String.fromCharCode(88,83,83))</script>
View Config -> Command Expansion -> To expand -> <body onload=alert(666)>

or 

http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<script>alert(String.fromCharCode(88,83,83))</script> [^]
http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<body [^] onload=alert(666)>

[1] http://tracker.nagios.org/view.php?id=224
[2] http://seclists.org/bugtraq/2011/Jun/17

Comment 1 Vincent Danen 2011-06-01 20:18:16 UTC
Created nagios tracking bugs for this issue

Affects: fedora-all [bug 709874]
Affects: epel-6 [bug 690880]

Comment 2 Jan Lieskovsky 2011-06-05 10:42:09 UTC
The CVE identifier of CVE-2011-2179 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2011/06/02/6

Comment 3 Huzaifa S. Sidhpurwala 2011-09-07 09:12:12 UTC
Upstream patch:
http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=1741


Note You need to log in before you can comment on or make changes to this bug.