My company uses the open source tool Nagios Core to support technology governance. I just found out this tool has...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
security vulnerabilities. What are they, and what should be done about them?
Nagios is a popular network monitoring tool. Now known as Nagios Core, it tracks the health of network services and the network infrastructure to make sure they are working properly. These network services include Simple Mail Transfer Protocol, Post Office Protocol 3 (POP3), HTTP, Network News Transfer Protocol, FTP and SSH.
In prior versions of Nagios Core 4.2.2, false alerts might have been sent to victims due to two vulnerabilities. Researcher Dawid Golunski of Legal Hackers found that an attacker could exploit these vulnerabilities to escalate privileges to root and to gain remote code execution.
Users with advanced and normal rights might not be able to use legitimate Nagios commands properly after receiving the alerts from the Nagios server. Users with read-only rights who are not allowed to use the commands might view the wrong hosts and services.
MagpieRSS, the star of the first vulnerability, displays news alerts sent from a Nagios RSS feed server. Lurking in the server is a command injection vulnerability (CVE-2016-9565) that might enable the attacker to read or write files by spoofing a response from the server.
Joining the stage as a supporting actor is the second vulnerability (CVE-2016-9566). Remote attackers with access to a Nagios account are able to gain root privileges by launching a symbolic link (symlink) attack on the log file. The symlink points to another file or folder transparent to the user. Leveraging MagpieRSS is not needed if the attackers are local.
If it's running earlier versions of Nagios, an organization should update to Nagios Core 4.2.4 or later for better support for technical governance. Nagios XI runs on Windows, Linux and VMware. An organization should use Nagios Log Server; Nagios Fusion, on centralized operational status; and Nagios Network Analyzer. Upgrading to a newer version is the only option for addressing these vulnerabilities, as older versions are still affected and have not been patched.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Find out how to manage and monitor the modern hybrid network
Discover the latest developments and trends in enterprise network monitoring and management
Understand the difference between Internet Message Access Protocol and POP3 in Exchange Server
Dig Deeper on Real-time network monitoring and forensics
Related Q&A from Judith Myerson
Malware implants RedLeaves and PlugX infected networked systems in multiple industries and leveraged stolen administrator credentials. Expert Judith ...continue reading
A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to ...continue reading
A vulnerability in Intel AMT enables attackers to gain remote access to PCs and devices. Expert Judith Myerson explains how the attack works and what...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.