CVE-2013-7108: Input Validation
First published: Wed Jan 15 2014(Updated: )
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios | <=4.0.2 | |
| Nagios | =3.0 | |
| Nagios | =3.0-alpha1 | |
| Nagios | =3.0-alpha2 | |
| Nagios | =3.0-alpha3 | |
| Nagios | =3.0-alpha4 | |
| Nagios | =3.0-alpha5 | |
| Nagios | =3.0-beta1 | |
| Nagios | =3.0-beta2 | |
| Nagios | =3.0-beta3 | |
| Nagios | =3.0-beta4 | |
| Nagios | =3.0-beta5 | |
| Nagios | =3.0-beta6 | |
| Nagios | =3.0-beta7 | |
| Nagios | =3.0-rc1 | |
| Nagios | =3.0-rc2 | |
| Nagios | =3.0-rc3 | |
| Nagios | =3.0.1 | |
| Nagios | =3.0.2 | |
| Nagios | =3.0.3 | |
| Nagios | =3.0.4 | |
| Nagios | =3.0.5 | |
| Nagios | =3.0.6 | |
| Nagios | =3.1.0 | |
| Nagios | =3.1.1 | |
| Nagios | =3.1.2 | |
| Nagios | =3.2.0 | |
| Nagios | =3.2.1 | |
| Nagios | =3.2.2 | |
| Nagios | =3.2.3 | |
| Nagios | =3.3.1 | |
| Nagios | =3.4.0 | |
| Nagios | =3.4.1 | |
| Nagios | =3.4.2 | |
| Nagios | =3.4.3 | |
| Nagios | =3.5.1 | |
| Icinga Icinga | <=1.8.4 | |
| Icinga Icinga | =0.8.0 | |
| Icinga Icinga | =0.8.1 | |
| Icinga Icinga | =0.8.2 | |
| Icinga Icinga | =0.8.3 | |
| Icinga Icinga | =0.8.4 | |
| Icinga Icinga | =1.0 | |
| Icinga Icinga | =1.0-rc1 | |
| Icinga Icinga | =1.0.1 | |
| Icinga Icinga | =1.0.2 | |
| Icinga Icinga | =1.0.3 | |
| Icinga Icinga | =1.2.0 | |
| Icinga Icinga | =1.2.1 | |
| Icinga Icinga | =1.3.0 | |
| Icinga Icinga | =1.3.1 | |
| Icinga Icinga | =1.4.0 | |
| Icinga Icinga | =1.4.1 | |
| Icinga Icinga | =1.6.0 | |
| Icinga Icinga | =1.6.1 | |
| Icinga Icinga | =1.6.2 | |
| Icinga Icinga | =1.7.0 | |
| Icinga Icinga | =1.7.1 | |
| Icinga Icinga | =1.7.2 | |
| Icinga Icinga | =1.7.3 | |
| Icinga Icinga | =1.7.4 | |
| Icinga Icinga | =1.8.0 | |
| Icinga Icinga | =1.8.1 | |
| Icinga Icinga | =1.8.2 | |
| Icinga Icinga | =1.8.3 | |
| Icinga Icinga | =1.9.0 | |
| Icinga Icinga | =1.9.1 | |
| Icinga Icinga | =1.9.2 | |
| Icinga Icinga | =1.9.3 | |
| Icinga Icinga | =1.10.0 | |
| Icinga Icinga | =1.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
- http://secunia.com/advisories/55976
- http://secunia.com/advisories/56316
- http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
- http://www.openwall.com/lists/oss-security/2013/12/24/1
- http://www.securityfocus.com/bid/64363
- https://dev.icinga.org/issues/5251
- https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
- https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios
- version/nagios/4.0.2
- version/nagios/3.0
- version/nagios/3.0-alpha1
- version/nagios/3.0-alpha2
- version/nagios/3.0-alpha3
- version/nagios/3.0-alpha4
- version/nagios/3.0-alpha5
- version/nagios/3.0-beta1
- version/nagios/3.0-beta2
- version/nagios/3.0-beta3
- version/nagios/3.0-beta4
- version/nagios/3.0-beta5
- version/nagios/3.0-beta6
- version/nagios/3.0-beta7
- version/nagios/3.0-rc1
- version/nagios/3.0-rc2
- version/nagios/3.0-rc3
- version/nagios/3.0.1
- version/nagios/3.0.2
- version/nagios/3.0.3
- version/nagios/3.0.4
- version/nagios/3.0.5
- version/nagios/3.0.6
- version/nagios/3.1.0
- version/nagios/3.1.1
- version/nagios/3.1.2
- version/nagios/3.2.0
- version/nagios/3.2.1
- version/nagios/3.2.2
- version/nagios/3.2.3
- version/nagios/3.3.1
- version/nagios/3.4.0
- version/nagios/3.4.1
- version/nagios/3.4.2
- version/nagios/3.4.3
- version/nagios/3.5.1
- vendor/icinga
- canonical/icinga icinga
- version/icinga icinga/1.8.4
- version/icinga icinga/0.8.0
- version/icinga icinga/0.8.1
- version/icinga icinga/0.8.2
- version/icinga icinga/0.8.3
- version/icinga icinga/0.8.4
- version/icinga icinga/1.0
- version/icinga icinga/1.0-rc1
- version/icinga icinga/1.0.1
- version/icinga icinga/1.0.2
- version/icinga icinga/1.0.3
- version/icinga icinga/1.2.0
- version/icinga icinga/1.2.1
- version/icinga icinga/1.3.0
- version/icinga icinga/1.3.1
- version/icinga icinga/1.4.0
- version/icinga icinga/1.4.1
- version/icinga icinga/1.6.0
- version/icinga icinga/1.6.1
- version/icinga icinga/1.6.2
- version/icinga icinga/1.7.0
- version/icinga icinga/1.7.1
- version/icinga icinga/1.7.2
- version/icinga icinga/1.7.3
- version/icinga icinga/1.7.4
- version/icinga icinga/1.8.0
- version/icinga icinga/1.8.1
- version/icinga icinga/1.8.2
- version/icinga icinga/1.8.3
- version/icinga icinga/1.9.0
- version/icinga icinga/1.9.1
- version/icinga icinga/1.9.2
- version/icinga icinga/1.9.3
- version/icinga icinga/1.10.0
- version/icinga icinga/1.10.1