What is the severity of CVE-2012-6096?

CVE-2012-6096 is classified as a medium severity vulnerability due to its potential for causing buffer overflows.

How do I fix CVE-2012-6096?

To mitigate CVE-2012-6096, update Nagios Core to version 3.4.4 or higher, as these versions contain the necessary security patches.

Which versions of Nagios are affected by CVE-2012-6096?

CVE-2012-6096 affects Nagios Core versions up to and including 3.4.3 and various earlier versions.

Can CVE-2012-6096 lead to remote code execution?

Yes, CVE-2012-6096 could potentially allow an attacker to execute arbitrary code via a crafted request due to the buffer overflow.

Is CVE-2012-6096 still a risk if my system has security features enabled?

Despite some protections like SSP and FORTIFY_SOURCE, CVE-2012-6096 can still be exploited, making it important to apply the fix.

Vulnerability/
CVE-2012-6096

high

7.5

CWE

119

9/1/2013

22/1/2013

6/8/2024

CVE-2012-6096: Buffer Overflow

First published: Wed Jan 09 2013(Updated: 9 months ago)

It was reported [1] that Nagios Core's history.cgi is vulnerable to a buffer overflow because it used sprintf on user-supplied data that was not restricted in size. Due to various protections of the operating system (history.cgi is compiled with SSP, FORTIFY_SOURCE is enabled, etc.) this is not believed to be exploitable and would result in a denial of service to the user sending the input to history.cgi. This has been fixed in svn (r2547)[2]. [1] <a href="http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html">http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html</a> [2] <a href="http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547">http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Nagios Plugins	<=3.4.3
Nagios Plugins	=3.0
Nagios Plugins	=3.0-alpha1
Nagios Plugins	=3.0-alpha2
Nagios Plugins	=3.0-alpha3
Nagios Plugins	=3.0-alpha4
Nagios Plugins	=3.0-alpha5
Nagios Plugins	=3.0-beta1
Nagios Plugins	=3.0-beta2
Nagios Plugins	=3.0-beta3
Nagios Plugins	=3.0-beta4
Nagios Plugins	=3.0-beta5
Nagios Plugins	=3.0-beta6
Nagios Plugins	=3.0-beta7
Nagios Plugins	=3.0-rc1
Nagios Plugins	=3.0-rc2
Nagios Plugins	=3.0-rc3
Nagios Plugins	=3.0.1
Nagios Plugins	=3.0.2
Nagios Plugins	=3.0.3
Nagios Plugins	=3.0.4
Nagios Plugins	=3.0.5
Nagios Plugins	=3.0.6
Nagios Plugins	=3.1.0
Nagios Plugins	=3.1.1
Nagios Plugins	=3.1.2
Nagios Plugins	=3.2.0
Nagios Plugins	=3.2.1
Nagios Plugins	=3.2.2
Nagios Plugins	=3.2.3
Nagios Plugins	=3.3.1
Nagios Plugins	=3.4.0
Nagios Plugins	=3.4.1
Nagios Plugins	=3.4.2
Icinga Icinga Web 2	=1.6.0
Icinga Icinga Web 2	=1.6.1
Icinga Icinga Web 2	=1.7.0
Icinga Icinga Web 2	=1.7.1
Icinga Icinga Web 2	=1.7.2
Icinga Icinga Web 2	=1.7.3
Icinga Icinga Web 2	=1.8.0
Icinga Icinga Web 2	=1.8.1
Icinga Icinga Web 2	=1.8.2
Icinga Icinga Web 2	=1.8.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6096?
CVE-2012-6096 is classified as a medium severity vulnerability due to its potential for causing buffer overflows.
How do I fix CVE-2012-6096?
To mitigate CVE-2012-6096, update Nagios Core to version 3.4.4 or higher, as these versions contain the necessary security patches.
Which versions of Nagios are affected by CVE-2012-6096?
CVE-2012-6096 affects Nagios Core versions up to and including 3.4.3 and various earlier versions.
Can CVE-2012-6096 lead to remote code execution?
Yes, CVE-2012-6096 could potentially allow an attacker to execute arbitrary code via a crafted request due to the buffer overflow.
Is CVE-2012-6096 still a risk if my system has security features enabled?
Despite some protections like SSP and FORTIFY_SOURCE, CVE-2012-6096 can still be exploited, making it important to apply the fix.

agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6096
agent/last-modified-date
agent/author
agent/severity
agent/event
agent/description
agent/trending
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/nagios
canonical/nagios plugins
version/nagios plugins/3.4.3
version/nagios plugins/3.0
version/nagios plugins/3.0-alpha1
version/nagios plugins/3.0-alpha2
version/nagios plugins/3.0-alpha3
version/nagios plugins/3.0-alpha4
version/nagios plugins/3.0-alpha5
version/nagios plugins/3.0-beta1
version/nagios plugins/3.0-beta2
version/nagios plugins/3.0-beta3
version/nagios plugins/3.0-beta4
version/nagios plugins/3.0-beta5
version/nagios plugins/3.0-beta6
version/nagios plugins/3.0-beta7
version/nagios plugins/3.0-rc1
version/nagios plugins/3.0-rc2
version/nagios plugins/3.0-rc3
version/nagios plugins/3.0.1
version/nagios plugins/3.0.2
version/nagios plugins/3.0.3
version/nagios plugins/3.0.4
version/nagios plugins/3.0.5
version/nagios plugins/3.0.6
version/nagios plugins/3.1.0
version/nagios plugins/3.1.1
version/nagios plugins/3.1.2
version/nagios plugins/3.2.0
version/nagios plugins/3.2.1
version/nagios plugins/3.2.2
version/nagios plugins/3.2.3
version/nagios plugins/3.3.1
version/nagios plugins/3.4.0
version/nagios plugins/3.4.1
version/nagios plugins/3.4.2
vendor/icinga
canonical/icinga icinga web 2
version/icinga icinga web 2/1.6.0
version/icinga icinga web 2/1.6.1
version/icinga icinga web 2/1.7.0
version/icinga icinga web 2/1.7.1
version/icinga icinga web 2/1.7.2
version/icinga icinga web 2/1.7.3
version/icinga icinga web 2/1.8.0
version/icinga icinga web 2/1.8.1
version/icinga icinga web 2/1.8.2
version/icinga icinga web 2/1.8.3