
CVE-2012-6096

Published: 22 January 2013

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

Priority

Negligible

Status

Package Release Status
icinga
Upstream Released (1.7.1-5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable (1.7.1-5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was not-affected [1.7.1-5])
Patches:
Upstream: https://git.icinga.org/?p=icinga-core.git;a=commit;h=46f55574afa934f9e0bce5e9aac7f45530ff0058
Vendor: http://www.debian.org/security/2013/dsa-2653
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
nagios3
Upstream Released (3.4.1-3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable (3.4.1-3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was not-affected [3.4.1-3])
Patches:
Upstream: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
Vendor: http://www.debian.org/security/2013/dsa-2616
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.