CVE-2013-7108

Related Files

Ubuntu Security Notice USN-3253-1

Posted Apr 3, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, cgi

systems | linux, ubuntu

advisories | CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2016-9566

SHA-256 | c79b4480ec225f484a4c3353e13bf0f2725307d7e9ba6254c20baa738cf5326f

Download | Favorite | View

Gentoo Linux Security Advisory 201412-23

Posted Dec 15, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-23 - Multiple vulnerabilities have been found in Nagios, the worst of which may allow remote code execution. Versions less than 3.5.1 are affected.

tags | advisory, remote, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2012-6096, CVE-2013-7108, CVE-2013-7205

SHA-256 | a782c7e79db993504cb1a30fa333d074610dec108ee4a2d4bfd82116d9c93da3

Download | Favorite | View

Debian Security Advisory 2956-1

Posted Jun 12, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2956-1 - Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

tags | advisory, denial of service, overflow, arbitrary, csrf

systems | linux, debian

advisories | CVE-2013-7106, CVE-2013-7107, CVE-2013-7108, CVE-2014-1878, CVE-2014-2386

SHA-256 | d0f8df2fd956542b4826e59cbfdb1a5a6db0d8e28e9911aee72085b6d64e1677

Download | Favorite | View

Deutsche Telekom CERT Advisory DTC-A-20140324-004

Posted Mar 25, 2014

Authored by Deutsche Telekom CERT

Nagios 3.5.0 suffers from an off-by-one memory access vulnerability.

tags | advisory

advisories | CVE-2013-7108

SHA-256 | 69651640bf2e907cef3c5b36888f005619b1f471351155a6054b7efd9226bb08

Download | Favorite | View

Deutsche Telekom CERT Advisory DTC-A-20140324-003

Posted Mar 25, 2014

Authored by Deutsche Telekom CERT

Icinga version 1.9.1 suffers from buffer overflow and off-by-one memory access vulnerabilities.

tags | advisory, overflow, vulnerability

advisories | CVE-2013-7106, CVE-2013-7108

SHA-256 | a80f7605d0c312fc041a1a22841376ec743fc06341d21397c2f1cd1348d95d96

Download | Favorite | View

Mandriva Linux Security Advisory 2014-004

Posted Jan 16, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi

systems | linux, mandriva

advisories | CVE-2013-7108, CVE-2013-7205

SHA-256 | 2a8a2c2fafea3404e1ed0dab309c14b4a4dc58b3300bfb3a8153d0ae8063119f

Download | Favorite | View