CVE-2013-7108

Nagios Core <4.0.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7108. PoCs published by DTAG Group Information Security.

AI-analyzed exploit summary The exploit describes an off-by-one memory corruption vulnerability in Icinga, which can be triggered by sending a long string to the 'b' parameter in config.cgi. This can lead to information disclosure or denial of service.

Description

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DTAG Group Information Security · textdoscgi
https://www.exploit-db.com/exploits/38882

The exploit describes an off-by-one memory corruption vulnerability in Icinga, which can be triggered by sending a long string to the 'b' parameter in config.cgi. This can lead to information disclosure or denial of service.

Classification
Writeup 80%
Attack Type
Dos | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Icinga (version not specified)
No auth needed
Prerequisites: Access to the Icinga web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56316
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
Vendor Advisory x_refsource_confirm
https://dev.icinga.org/issues/5251
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/24/1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55976
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64363
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html

Scores

EPSS 0.5955
EPSS Percentile 99.0%

Details

CWE
CWE-20
Status published
Products (35)
icinga/icinga 0.8.0
icinga/icinga 0.8.1
icinga/icinga 0.8.2
icinga/icinga 0.8.3
icinga/icinga 0.8.4
icinga/icinga 1.0 (2 CPE variants)
icinga/icinga 1.0.1
icinga/icinga 1.0.2
icinga/icinga 1.0.3
icinga/icinga 1.2.0
... and 25 more
Published Jan 15, 2014
Tracked Since Feb 18, 2026