CVE-2013-7108

Published: 15/01/2014 Updated: 25/12/2018
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Vulnerability Summary

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and previous versions, and Icinga prior to 1.8.5, 1.9 prior to 1.9.4, and 1.10 prior to 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Vulnerable Product

nagios nagios 3.0

nagios nagios 3.0.3

nagios nagios 3.0.4

nagios nagios 3.2.1

nagios nagios 3.2.2

nagios nagios 3.2.3

nagios nagios

nagios nagios 3.0.1

nagios nagios 3.0.2

nagios nagios 3.1.2

nagios nagios 3.2.0

nagios nagios 3.4.3

nagios nagios 3.5.1

nagios nagios 3.1.0

nagios nagios 3.1.1

nagios nagios 3.4.1

nagios nagios 3.4.2

nagios nagios 3.0.5

nagios nagios 3.0.6

nagios nagios 3.3.1

nagios nagios 3.4.0

icinga icinga 1.9.0

icinga icinga 1.9.1

icinga icinga 0.8.2

icinga icinga 0.8.3

icinga icinga 1.2.1

icinga icinga 1.3.0

icinga icinga 1.7.0

icinga icinga 1.7.1

icinga icinga 1.8.3

icinga icinga

icinga icinga 0.8.0

icinga icinga 0.8.1

icinga icinga 1.0.2

icinga icinga 1.0.3

icinga icinga 1.2.0

icinga icinga 1.6.1

icinga icinga 1.6.2

icinga icinga 1.8.1

icinga icinga 1.8.2

icinga icinga 1.10.0

icinga icinga 1.10.1

icinga icinga 1.0

icinga icinga 1.0.1

icinga icinga 1.4.1

icinga icinga 1.6.0

icinga icinga 1.7.4

icinga icinga 1.8.0

icinga icinga 1.9.2

icinga icinga 1.9.3

icinga icinga 0.8.4

icinga icinga 1.3.1

icinga icinga 1.4.0

icinga icinga 1.7.2

icinga icinga 1.7.3

Vendor Advisories

Debian Bug report logs - #771466 CVE-2013-7108 CVE-2013-7205 Package: nagios3; Maintainer for nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>; Source for nagios3 is src:nagios3. Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 29 Nov 2014 22:18:02 U ...
Several security issues were fixed in Nagios ...
USN-3253-1 introduced a regression in Nagios ...
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...

Exploits

source: www.securityfocus.com/bid/64363/info Icinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition. Attackers may exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users. www.example.com/cgi-bin/config.cgi?b=aaaa[20 ...