the original cloud security

Mandriva Linux Security Advisory 2013-028

Mandriva Linux Security Advisory 2013-028
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-028 - Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long host_name variable svc_description variable. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2012-6096
MD5 | 4f519e37ebeacbf841da154d997df39c

Mandriva Linux Security Advisory 2013-028

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:028
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nagios
Date : March 18, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in nagios:

Multiple stack-based buffer overflows in the get_history function
in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before
1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote
attackers to execute arbitrary code via a long (1) host_name variable
(host parameter) or (2) svc_description variable (CVE-2012-6096).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
dabb598af3a93d05169d3dab9f12b69d mes5/i586/nagios-3.1.2-0.4mdvmes5.2.i586.rpm
df33f1ed27f9d74f3fa4ea5d4a347c70 mes5/i586/nagios-devel-3.1.2-0.4mdvmes5.2.i586.rpm
d1ea00c20f13f6d9aa7773f4f137ebeb mes5/i586/nagios-theme-default-3.1.2-0.4mdvmes5.2.i586.rpm
ab09d902b27ca0da9230b9cb4d9a5f8f mes5/i586/nagios-www-3.1.2-0.4mdvmes5.2.i586.rpm
b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
5d12b28e4d7f5a523c95853faade8325 mes5/x86_64/nagios-3.1.2-0.4mdvmes5.2.x86_64.rpm
a83093a3df1b226ed8c612091e4446e6 mes5/x86_64/nagios-devel-3.1.2-0.4mdvmes5.2.x86_64.rpm
ab9ed42f03f622cee342cffa2016a408 mes5/x86_64/nagios-theme-default-3.1.2-0.4mdvmes5.2.x86_64.rpm
091de2efcc2767e53be2a6206f58a0ed mes5/x86_64/nagios-www-3.1.2-0.4mdvmes5.2.x86_64.rpm
b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRRsFbmqjQ0CJFipgRAtU2AJ42QBioKwJS6mwIfZbOl6phJZox9wCfcv1X
WgtsHlxL/pqZ5Ud5qh1OJnA=
=Mxrq
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close