Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-7108. PoCs published by DTAG Group Information Security.
AI-analyzed exploit summary The exploit describes an off-by-one memory corruption vulnerability in Icinga, which can be triggered by sending a long string to the 'b' parameter in config.cgi. This can lead to information disclosure or denial of service.
Description
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Exploits (1)
The exploit describes an off-by-one memory corruption vulnerability in Icinga, which can be triggered by sending a long string to the 'b' parameter in config.cgi. This can lead to information disclosure or denial of service.