Advisory: Cross-Site Scripting vulnerability in Nagios Advisory ID: SSCHADV2011-006 Author: Stefan Schurtz Affected Software: Successfully tested on: nagios 3.2.3 Vendor URL: http://www.nagios.org Vendor Status: informed CVE-ID: CVE-2011-2179 ========================== Vulnerability Description: ========================== This is a Cross-Site Scripting vulnerability ================== Technical Details: ================== No input validation for "expand" in config.c(gi) View Config -> Command Expansion -> To expand -> View Config -> Command Expansion -> To expand -> or http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand= http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand= ========= Solution: ========= in config.c < printf("To expand:%s",command_args[0]); > printf("To expand:%s",escape_string(command_args[0])); ==================== Disclosure Timeline: ==================== 01-Jun-2011 - informed developers 01-Jun-2011 - Release date of this security advisory 01-Jun-2011 - post on BugTraq and Full-disclosure ======== Credits: ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References: =========== http://www.nagios.org http://tracker.nagios.org/view.php?id=224 http://www.rul3z.de/advisories/SSCHADV2011-006.txt http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2179 http://www.tenable.com/plugins/index.php?view=single&id=55163