CVE-2013-7108
N/A
N/A
Summary
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
- http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
- http://secunia.com/advisories/56316
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
- https://dev.icinga.org/issues/5251
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
- http://www.openwall.com/lists/oss-security/2013/12/24/1
- http://secunia.com/advisories/55976
- http://www.securityfocus.com/bid/64363
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
- http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
- http://secunia.com/advisories/56316
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
- https://dev.icinga.org/issues/5251
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
- http://www.openwall.com/lists/oss-security/2013/12/24/1
- http://secunia.com/advisories/55976
- http://www.securityfocus.com/bid/64363
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.