Signature Detail
Short Name |
HTTP:CGI:NAGIOS-CORE-DOS |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nagios core CGI Process_cgivars Off-By-One |
Release Date |
2014/02/13 |
Update Number |
2345 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Nagios core CGI Process_cgivars Off-By-One
This signature detects attempts to exploit a known vulnerability in Nagios core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value. Successful exploitation could result in the CGI crash.
Extended Description
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Affected Products
- icinga 0.8.0
- icinga 0.8.1
- icinga 0.8.2
- icinga 0.8.3
- icinga 0.8.4
- icinga 1.0.1
- icinga 1.0.2
- icinga 1.0.3
- icinga 1.0 (rc1)
- icinga 1.10.0
- icinga 1.10.1
- icinga 1.2.0
- icinga 1.2.1
- icinga 1.3.0
- icinga 1.3.1
- icinga 1.4.0
- icinga 1.4.1
- icinga 1.6.0
- icinga 1.6.1
- icinga 1.6.2
- icinga 1.7.0
- icinga 1.7.1
- icinga 1.7.2
- icinga 1.7.3
- icinga 1.7.4
- icinga 1.8.0
- icinga 1.8.1
- icinga 1.8.2
- icinga 1.8.3
- icinga 1.9.0
- icinga 1.9.1
- icinga 1.9.2
- icinga 1.9.3
- icinga up to 1.8.4
- nagios 3.0.1
- nagios 3.0.2
- nagios 3.0.3
- nagios 3.0.4
- nagios 3.0.5
- nagios 3.0.6
- nagios 3.0 (alpha1)
- nagios 3.0 (alpha2)
- nagios 3.0 (alpha3)
- nagios 3.0 (alpha4)
- nagios 3.0 (alpha5)
- nagios 3.0 (beta1)
- nagios 3.0 (beta2)
- nagios 3.0 (beta3)
- nagios 3.0 (beta4)
- nagios 3.0 (beta5)
- nagios 3.0 (beta6)
- nagios 3.0 (beta7)
- nagios 3.0 (rc1)
- nagios 3.0 (rc2)
- nagios 3.0 (rc3)
- nagios 3.1.0
- nagios 3.1.1
- nagios 3.1.2
- nagios 3.2.0
- nagios 3.2.1
- nagios 3.2.2
- nagios 3.2.3
- nagios 3.3.1
- nagios 3.4.0
- nagios 3.4.1
- nagios 3.4.2
- nagios 3.4.3
- nagios 3.5.1
- nagios up to 4.0.2
References
- BugTraq: 64363
- CVE: CVE-2013-7108