CVE-2013-7205
Published: 15 January 2014
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
Notes
Author | Note |
---|---|
mdeslaur | nagios fix had an additional source file, so this CVE was split out from CVE-2013-7108. (contrib/daemonchk.c) |
Priority
Status
Package | Release | Status |
---|---|---|
nagios3 | lucid | Ignored (end of life) |
nagios3 | precise | Ignored (end of life) |
nagios3 | quantal | Ignored (end of life) |
nagios3 | raring | Ignored (end of life) |
nagios3 | saucy | Ignored (end of life) |
nagios3 | trusty | Released (3.5.1-1ubuntu1.1) |
nagios3 | upstream | Needs triage |
nagios3 | utopic | Ignored (end of life) |
nagios3 | vivid | Ignored (end of life) |
nagios3 | wily | Ignored (end of life) |
nagios3 | xenial | Released (3.5.1.dfsg-2.1ubuntu1.1) |
nagios3 | yakkety | Released (3.5.1.dfsg-2.1ubuntu3.1) |
nagios3 | zesty | Released (3.5.1.dfsg-2.1ubuntu5) |

Patches:
upstream: http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
upstream: https://sourceforge.net/p/nagios/nagioscore/ci/0e733d40f8abf09bd0c0e51c2102964fc2331e97/