Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
c79b4480ec225f484a4c3353e13bf0f2725307d7e9ba6254c20baa738cf5326fGentoo Linux Security Advisory 201412-23 - Multiple vulnerabilities have been found in Nagios, the worst of which may allow remote code execution. Versions less than 3.5.1 are affected.
a782c7e79db993504cb1a30fa333d074610dec108ee4a2d4bfd82116d9c93da3Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.
2a8a2c2fafea3404e1ed0dab309c14b4a4dc58b3300bfb3a8153d0ae8063119f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed