Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)

There exists an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value resulting in the CGI...

CVE-2013-7205

Off-by-one error in the processcgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service crash via a long string in the last key value in the variable list,...

Nagios "process_cgivars()" 单字节溢出漏洞

Nagios是一款免费开放源代码的主机和服务监视软件，可使用在多种Linux和Unix操作系统下。 Nagios 3.x及4.x版本的函数 "processcgivars" 在实现上存在单字节溢出漏洞，攻击者利用特制的键值，成功利用后可造成越界读取内存。 0 Nagios Nagios 4.x Nagios Nagios 3.x 厂商补丁： Nagios ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Nagios Core 3.4.3 Buffer Overflow Vulnerability

Nagios Core version 3.4.3 suffers from a stack-based buffer overflow vulnerability in the history.cgi web interface. history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size. This vulnerability does not appear to be...