5
CVSSv2

CVE-2014-1878

Published: 28/02/2014 Updated: 25/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and previous versions, and Icinga prior to 1.8.6, 1.9 prior to 1.9.5, and 1.10 prior to 1.10.3 allows remote malicious users to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Vulnerable Product Search on Vulmon Subscribe to Product

icinga icinga 1.9.2

icinga icinga 1.8.4

icinga icinga 1.9.3

nagios nagios 4.0.0

icinga icinga 1.9.0

icinga icinga 1.8.2

icinga icinga 1.8.0

nagios nagios 4.0.2

icinga icinga 1.8.3

icinga icinga 1.8.1

icinga icinga 1.10.2

icinga icinga

icinga icinga 1.9.4

icinga icinga 1.9.1

nagios nagios

icinga icinga 1.10.1

icinga icinga 1.10.0

Vendor Advisories

Debian Bug report logs - #823721 nagios3: CVE-2014-1878: buffer overflow in cmdcgi Package: src:nagios3; Maintainer for src:nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 8 May 2016 04:12:02 UTC Severity: importa ...
Several security issues were fixed in Nagios ...
USN-3253-1 introduced a regression in Nagios ...
Multiple off-by-one errors in Nagios Core 351, 402, and earlier, and Icinga before 185, 19 before 194, and 110 before 1102 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function ...
Stack-based buffer overflow in the cmd_submitf function in cgi/cmdc in Nagios Core, possibly 403rc1 and earlier, and Icinga before 186, 19 before 195, and 110 before 1103 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmdcgi ...