Your submission was sent successfully! Close

CVE-2016-9565

Published: 15 December 2016

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.

Notes

AuthorNote
ratliff
80_dont_call_home.patch removes RSS news feeds and update checks
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected [3.5.1-1ubuntu1])
upstream
Released (3.5.1-1)
xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable