CVE-2018-13441


Description

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Predictions

Exploit likelihood
20%

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · DFSG

CVE-2018-13441

Name: CVE-2018-13441
Description: qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 917160

Vulnerable and fixed packages

The table below lists information on source packages.

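| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| nagios4 (PTS) | bookworm, bullseye | 4.4.6-4 | fixed |
| | bookworm (security) | 4.4.6-4+deb12u1 | fixed |
| | trixie | 4.4.6-4.1 | fixed |
| | trixie (security) | 4.4.6-4.1+deb13u1 | fixed |
| | sid | 4.5.12+ds-1 | fixed |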

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| nagios4 | source | (unstable) | 4.3.4-3 | low | | 917160 |

Notes

https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76


OS impact

| OS | Version | Status | Fixed in |
| --- | --- | --- | --- |
| debian | bookworm | fixed | 4.3.4-3 |
| debian | bullseye | fixed | 4.3.4-3 |
| debian | sid | fixed | 4.3.4-3 |
| debian | trixie | fixed | 4.3.4-3 |
| debian | forky | fixed | 4.3.4-3 |
