CVE-2018-13457

MEDIUM

Nagios Core < 4.4.1 - Denial of Service via NULL Pointer Dereference in qh_echo

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-13457. PoCs published by Fakhri Zulkifli.

AI-analyzed exploit summary This exploit demonstrates a NULL pointer dereference vulnerability in Nagios Core 4.4.1 and earlier, allowing local denial-of-service attacks via crafted payloads sent to a UNIX socket. The PoC includes specific commands for three CVEs (CVE-2018-13458, CVE-2018-13457, CVE-2018-13441).

Description

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Exploits (1)

exploitdb WORKING POC

by Fakhri Zulkifli · textdoslinux

https://www.exploit-db.com/exploits/45082

View Code ZIP pw:eip

This exploit demonstrates a NULL pointer dereference vulnerability in Nagios Core 4.4.1 and earlier, allowing local denial-of-service attacks via crafted payloads sent to a UNIX socket. The PoC includes specific commands for three CVEs (CVE-2018-13458, CVE-2018-13457, CVE-2018-13441).

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Nagios Core 4.4.1 and earlier

No auth needed

Prerequisites: Local access to the target system · Presence of Nagios Core UNIX socket

MITRE ATT&CK