Your submission was sent successfully! Close

CVE-2014-1878

Published: 28 February 2014

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Priority

Low

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [1.10.3])
upstream
Released (1.10.3-1)
utopic Not vulnerable
(1.10.3)
vivid Not vulnerable
(1.10.3)
wily Not vulnerable
(1.10.3)
xenial Not vulnerable
(1.10.3)
yakkety Not vulnerable
(1.10.3)
zesty Not vulnerable
(1.10.3)
Patches:
upstream: https://dev.icinga.org/projects/icinga-core/repository/revisions/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
nagios3
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was released [3.5.1-1ubuntu1.1])
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial
Released (3.5.1.dfsg-2.1ubuntu1.1)
yakkety
Released (3.5.1.dfsg-2.1ubuntu3.1)
zesty
Released (3.5.1.dfsg-2.1ubuntu5)
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.