CVE-2012-6096

🗓️ 22 Jan 2013 23:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov👁 85 Views🌐 WEB

Multiple stack-based buffer overflows in get_history function in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code

Reporter	Title	Published	Views	Family All 63
0day.today	Nagios history.cgi Remote Command Execution Vulnerability	13 Jan 201300:00	–	zdt
FreeBSD	nagios -- buffer overflow in history.cgi	21 Dec 201200:00	–	freebsd
Circl	CVE-2012-6096	13 Jan 201300:00	–	circl
Cvelist	CVE-2012-6096	22 Jan 201323:00	–	cvelist
Debian	[BSA-079] Security Update for icinga	14 Jan 201313:00	–	debian
Debian	[SECURITY] [DSA 2616-1] nagios3 security update	3 Feb 201321:24	–	debian
Debian	[SECURITY] [DSA 2653-1] icinga security update	26 Mar 201320:54	–	debian
Debian CVE	CVE-2012-6096	22 Jan 201323:00	–	debiancve
Tenable Nessus	Debian DSA-2616-1 : nagios3 - buffer overflow in CGI scripts	4 Feb 201300:00	–	nessus
Tenable Nessus	Debian DSA-2653-1 : icinga - buffer overflow	27 Mar 201300:00	–	nessus

NVD

Node

nagios nagiosRange≤3.4.3

nagios nagiosMatch3.0

nagios nagiosMatch3.0alpha1

nagios nagiosMatch3.0alpha2

nagios nagiosMatch3.0alpha3

nagios nagiosMatch3.0alpha4

nagios nagiosMatch3.0alpha5

nagios nagiosMatch3.0beta1

nagios nagiosMatch3.0beta2

nagios nagiosMatch3.0beta3

nagios nagiosMatch3.0beta4

nagios nagiosMatch3.0beta5

nagios nagiosMatch3.0beta6

nagios nagiosMatch3.0beta7

nagios nagiosMatch3.0rc1

nagios nagiosMatch3.0rc2

nagios nagiosMatch3.0rc3

nagios nagiosMatch3.0.1

nagios nagiosMatch3.0.2

nagios nagiosMatch3.0.3

nagios nagiosMatch3.0.4

nagios nagiosMatch3.0.5

nagios nagiosMatch3.0.6

nagios nagiosMatch3.1.0

nagios nagiosMatch3.1.1

nagios nagiosMatch3.1.2

nagios nagiosMatch3.2.0

nagios nagiosMatch3.2.1

nagios nagiosMatch3.2.2

nagios nagiosMatch3.2.3

nagios nagiosMatch3.3.1

nagios nagiosMatch3.4.0

nagios nagiosMatch3.4.1

nagios nagiosMatch3.4.2

Node

icinga icingaMatch1.6.0

icinga icingaMatch1.6.1

icinga icingaMatch1.7.0

icinga icingaMatch1.7.1

icinga icingaMatch1.7.2

icinga icingaMatch1.7.3

icinga icingaMatch1.8.0

icinga icingaMatch1.8.1

icinga icingaMatch1.8.2

icinga icingaMatch1.8.3

Source	Link
osvdb	www.osvdb.org/89170
lists	www.lists.opensuse.org/opensuse-updates/2013-01/msg00088.html
nagios	www.nagios.org/projects/nagioscore/history/core-3x
debian	www.debian.org/security/2013/dsa-2616
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
exploit-db	www.exploit-db.com/exploits/24159
debian	www.debian.org/security/2013/dsa-2653
exploit-db	www.exploit-db.com/exploits/24084
securityfocus	www.securityfocus.com/bid/56879
lists	www.lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html

Parameter	Position	Path	Description	CWE
host	query param	/cgi-bin/history.cgi	Remote code execution via stack-based buffer overflow in Nagios history.cgi triggered by overly long host or svc_description parameters.	CWE-119
svc_description	query param	/cgi-bin/history.cgi	Remote code execution via stack-based buffer overflow in Nagios history.cgi triggered by overly long host or svc_description parameters.	CWE-119

29 Apr 2026 01:13Current

7.5High risk

Vulners AI Score7.5

CVSS 27.5

EPSS0.799

CWE-119