Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.
2a8a2c2fafea3404e1ed0dab309c14b4a4dc58b3300bfb3a8153d0ae8063119f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:004
https://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : nagios
Date : January 16, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in nagios:
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier,
and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2
allow remote authenticated users to obtain sensitive information from
process memory or cause a denial of service (crash) via a long string
in the last key value in the variable list to the process_cgivars
function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c,
(5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c,
(9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which
triggers a heap-based buffer over-read (CVE-2013-7108).
Off-by-one error in the process_cgivars function in contrib/daemonchk.c
in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated
users to obtain sensitive information from process memory or cause
a denial of service (crash) via a long string in the last key value
in the variable list, which triggers a heap-based buffer over-read
(CVE-2013-7205).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7205
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
b0f9766b9c800cabc2d48c3cd6a0d754 mes5/i586/nagios-3.1.2-0.5mdvmes5.2.i586.rpm
250e0e806816abe05be0d6492800d15c mes5/i586/nagios-devel-3.1.2-0.5mdvmes5.2.i586.rpm
4e38af03680cdaf6943a3cda473147e7 mes5/i586/nagios-theme-default-3.1.2-0.5mdvmes5.2.i586.rpm
1b34d425d31cd67ce1e119dbbe1d2a34 mes5/i586/nagios-www-3.1.2-0.5mdvmes5.2.i586.rpm
54aa5cd353453a0400674ab7d92b3154 mes5/SRPMS/nagios-3.1.2-0.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b748f8bd42b90b12d57370aabfef21b9 mes5/x86_64/nagios-3.1.2-0.5mdvmes5.2.x86_64.rpm
346d9552cc42bd664e99006bcfd15730 mes5/x86_64/nagios-devel-3.1.2-0.5mdvmes5.2.x86_64.rpm
4cb14dea2cf09787d2d187969cc00590 mes5/x86_64/nagios-theme-default-3.1.2-0.5mdvmes5.2.x86_64.rpm
d66f5f485845c0039d8083d0af38379f mes5/x86_64/nagios-www-3.1.2-0.5mdvmes5.2.x86_64.rpm
54aa5cd353453a0400674ab7d92b3154 mes5/SRPMS/nagios-3.1.2-0.5mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
25b21259455d7fd14f58191c136490d5 mbs1/x86_64/nagios-3.4.4-4.1.mbs1.x86_64.rpm
368959c2c78bd6bf48ed10d84e440d0c mbs1/x86_64/nagios-devel-3.4.4-4.1.mbs1.x86_64.rpm
cfd069de34d3de15f7b80bb5ffb07d8c mbs1/x86_64/nagios-www-3.4.4-4.1.mbs1.x86_64.rpm
4db6f650ab30c32be4a7ab574d0c8225 mbs1/SRPMS/nagios-3.4.4-4.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD4DBQFS19vmmqjQ0CJFipgRAlFYAJ9xfMNIFUkECvfs5uTpy97yRE31VwCXcVjC
8WDQGFeiI1jbLTbleK4TBg==
=DSkb
-----END PGP SIGNATURE-----