CVE-2012-6096
Published: 22 January 2013
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
Notes
Author | Note |
---|---|
mdeslaur | debian bug says nagios patch is possibly incomplete; downgrading to "negligible" because of FORTIFY_SOURCE |
Priority
Status
Package | Release | Status |
---|---|---|
icinga (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
 | lucid | Does not exist |
 | oneiric | Ignored (end of life) |
 | precise | Ignored (end of life) |
 | quantal | Ignored (end of life) |
 | raring | Not vulnerable (1.7.1-5) |
 | saucy | Not vulnerable (1.7.1-5) |
 | trusty | Does not exist (trusty was not-affected [1.7.1-5]) |
 | upstream | Released (1.7.1-5) |
 | utopic | Not vulnerable (1.7.1-5) |
 | vivid | Not vulnerable (1.7.1-5) |
 | wily | Not vulnerable (1.7.1-5) |
 | xenial | Not vulnerable (1.7.1-5) |
 | yakkety | Not vulnerable (1.7.1-5) |
 | zesty | Not vulnerable (1.7.1-5) |

Patches (icinga):
upstream: https://git.icinga.org/?p=icinga-core.git;a=commit;h=46f55574afa934f9e0bce5e9aac7f45530ff0058
vendor: http://www.debian.org/security/2013/dsa-2653

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.

Package | Release | Status |
---|---|---|
nagios3 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
 | lucid | Ignored (end of life) |
 | oneiric | Ignored (end of life) |
 | precise | Ignored (end of life) |
 | quantal | Ignored (end of life) |
 | raring | Not vulnerable (3.4.1-3) |
 | saucy | Not vulnerable (3.4.1-3) |
 | trusty | Does not exist (trusty was not-affected [3.4.1-3]) |
 | upstream | Released (3.4.1-3) |
 | utopic | Not vulnerable (3.4.1-3) |
 | vivid | Not vulnerable (3.4.1-3) |
 | wily | Not vulnerable (3.4.1-3) |
 | xenial | Not vulnerable (3.4.1-3) |
 | yakkety | Not vulnerable (3.4.1-3) |
 | zesty | Not vulnerable (3.4.1-3) |

Patches (nagios3):
upstream: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
vendor: http://www.debian.org/security/2013/dsa-2616

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.