CVE-2013-7205
Published: 15 January 2014
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
Notes
| Author | Note |
|---|---|
| mdeslaur | nagios fix had an additional source file, so this CVE was split out from CVE-2013-7108. (contrib/daemonchk.c) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nagios3 Launchpad, Ubuntu, Debian |
vivid |
Ignored
(end of life)
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Released
(3.5.1.dfsg-2.1ubuntu1.1)
|
|
| yakkety |
Released
(3.5.1.dfsg-2.1ubuntu3.1)
|
|
| zesty |
Released
(3.5.1.dfsg-2.1ubuntu5)
|
|
| lucid |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Released
(3.5.1-1ubuntu1.1)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
|
Patches: upstream: http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/ upstream: https://sourceforge.net/p/nagios/nagioscore/ci/0e733d40f8abf09bd0c0e51c2102964fc2331e97/ (3.5) |
||