Candidate: CVE-2016-9565
PublicDate: 2016-12-15 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9565
 https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
Description:
 MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2
 might allow remote attackers to read or write to arbitrary files by
 spoofing a crafted response from the Nagios RSS feed server. NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2008-4796.
Ubuntu-Description:
Notes:
 ratliff> 80_dont_call_home.patch removes RSS news feeds and update checks
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_nagios3:
upstream_nagios3: released (3.5.1-1)
precise_nagios3: ignored (reached end-of-life)
precise/esm_nagios3: DNE (precise was needed)
trusty_nagios3: not-affected (3.5.1-1ubuntu1)
trusty/esm_nagios3: DNE (trusty was not-affected [3.5.1-1ubuntu1])
vivid/stable-phone-overlay_nagios3: DNE
vivid/ubuntu-core_nagios3: DNE
xenial_nagios3: not-affected
esm-infra/xenial_nagios3: not-affected
yakkety_nagios3: not-affected
zesty_nagios3: not-affected
devel_nagios3: not-affected