nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read (CVE-2013-7108).
•MLIST:[oss-security] 20131224 Re: CVE request: denial of service in
Nagios (process_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•CONFIRM: https://dev.icinga.org/issues/5251
•CONFIRM:
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
•SUSE:openSUSE-SU-2014:0016
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
•SUSE:openSUSE-SU-2014:0039
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
•SUSE:openSUSE-SU-2014:0069
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
•SECUNIA:56316
•URL: http://secunia.com/advisories/56316
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read (CVE-2013-7205).
•MLIST:[oss-security] 20131224 Re: CVE request: denial of service in
Nagios (process_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
(from redmine: issue id 2618, created on 2014-02-04, closed on 2014-04-18)
- Relations:
- child #2619 (closed)
- child #2620 (closed)
- child #2621 (closed)
- child #2622 (closed)