CVE-2013-7108

Nagios Core <4.0.2 - Info Disclosure

Title source: llm

Description

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DTAG Group Information Security · textdoscgi

https://www.exploit-db.com/exploits/38882

View Code ZIP pw:eip

References (13)

Core 13

Core References

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2014:004

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html

Product x_refsource_confirm

http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56316

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html

Vendor Advisory x_refsource_confirm

https://dev.icinga.org/issues/5251

Various Sources x_refsource_confirm

https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/12/24/1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55976

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64363

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html

Scores

EPSS 0.4858

EPSS Percentile 97.8%

Details

CWE

CWE-20

Status published

Products (35)

icinga/icinga 0.8.0

icinga/icinga 0.8.1

icinga/icinga 0.8.2

icinga/icinga 0.8.3

icinga/icinga 0.8.4

icinga/icinga 1.0 (2 CPE variants)

icinga/icinga 1.0.1

icinga/icinga 1.0.2

icinga/icinga 1.0.3

icinga/icinga 1.2.0

... and 25 more

Published Jan 15, 2014

Tracked Since Feb 18, 2026