
CVE-2013-7108

Published: Jan 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

MDVSA-2014:004 (vendor-advisory, x_refsource_MANDRIVA)
openSUSE-SU-2014:0069 (vendor-advisory, x_refsource_SUSE)
56316 (third-party-advisory, x_refsource_SECUNIA)
openSUSE-SU-2014:0097 (vendor-advisory, x_refsource_SUSE)
55976 (third-party-advisory, x_refsource_SECUNIA)
64363 (vdb-entry, x_refsource_BID)
openSUSE-SU-2014:0016 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2014:0039 (vendor-advisory, x_refsource_SUSE)
