CVE-2014-1878

Published: 28 February 2014

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Priority

Low

Status

Package Release Status
icinga
Upstream: Released (1.10.3-1)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (1.10.3)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [1.10.3])
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist (precise was needed)
Patches:
Upstream: https://dev.icinga.org/projects/icinga-core/repository/revisions/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
nagios3
Upstream: Needs triage
Ubuntu 16.04 LTS (Xenial Xerus): Released (3.5.1.dfsg-2.1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [3.5.1-1ubuntu1.1])
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist (precise was needed)
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.