Add fix to nagios_xi_plugins_check_ping_authenticated_rce.rb to Ensure Old Versions Can Still Be Detected As Being Vulnerable #15063
Some old versions of Nagios XI had unusual version numbering such as `5r1.0`. Unfortunately whilst testing this PR I forgot to add the regex that is in the other modules to this, which is basically the following line:

The reason this line is necessary before calling `Rex::Version::new(nagios_version)` is that `Rex::Version` does not handle cases where the version number contains letters within its contents. Therefore we must set the value of `nagios_version` to some number. However as we don't really care about versions older than `5.6.6` in this exploit, as they are all vulnerable anyway, we just set it to `1.0.0` as a placeholder to just indicate that this version of NagiosXI is vulnerable.

Note that this fix is applied after the line `print_status("Target is Nagios XI with version #{nagios_version}")` so we will still print out the correct version of NagiosXI that is installed on the target, and this fix only affects the logic of determining if the target is vulnerable or not.

Verification

List the steps needed to make sure this thing works

`check` method now returns the vulnerable version that is installed on the target and that the module now identifies the target as being vulnerable without crashing the module.
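The normalisation described in this PR, sketched as an added example that is not the module's code: a version string is kept verbatim for display, and only the comparable value is swapped for the `1.0.0` placeholder when strict parsing fails on legacy numbering. Assumptions: `Gem::Version` stands in for `Rex::Version` (which is only available inside Metasploit), the legacy pattern is inferred from the single `5r1.0` example above rather than copied from the module's regex, and the helper names are hypothetical.

```ruby
require 'rubygems' # Gem::Version, used here as a stand-in for Rex::Version (assumption)

# Placeholder and threshold values taken from the PR description.
LEGACY_PLACEHOLDER = Gem::Version.new('1.0.0')
THRESHOLD          = Gem::Version.new('5.6.6')

# Assumed legacy shape: digits, then "r"/"R", then a digit (e.g. "5r1.0").
# This pattern is illustrative; the module's real regex is not shown on the page.
LEGACY_PATTERN = /\A\d+[rR]\d/

# Returns [display_string, comparable_version_or_nil].
# The display string is never rewritten, so status output stays accurate.
def normalize_nagios_version(raw)
  display = raw.to_s.strip
  return [display, nil] if display.empty?

  [display, Gem::Version.new(display)]
rescue ArgumentError
  # Strict parsing rejected the string. Map known legacy numbering to the
  # placeholder; anything else stays unknown instead of being guessed at.
  display.match?(LEGACY_PATTERN) ? [display, LEGACY_PLACEHOLDER] : [display, nil]
end

# true  -> older than 5.6.6 (includes legacy numbering)
# false -> 5.6.6 or newer
# nil   -> version could not be determined
def older_than_threshold?(raw)
  _display, version = normalize_nagios_version(raw)
  return nil if version.nil?

  version < THRESHOLD
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs, not captured from a real target.
  ['5r1.0', '5.6.5', '5.6.6', 'not-a-version'].each do |sample|
    display, version = normalize_nagios_version(sample)
    puts format('%-14s compare_as=%-8s older_than_5.6.6=%s',
                display, version.inspect[/"(.*)"/, 1] || 'nil',
                older_than_threshold?(sample).inspect)
  end
end
```

Returning `nil` for unparseable input keeps an unknown version distinct from a vulnerable one, so a scanner built on this reports "unknown" rather than crashing or producing a false positive.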