Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30629
HistoryMay 05, 2014 - 12:00 a.m.

Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga

2014-05-0500:00:00
vulners.com
35

Deutsche Telekom CERT Advisory [DTC-A-20140324-003]

Summary:
Two vulnerabilities were found in icinga version 1.9.1.

These vulnerabilities are:
1) several buffer overflows
2) Off-by-one memory access

Recommendations:
Updates available and need to be installed:

  • Icinga 1.10.2 Bug Fix Release
  • Icinga 1.9.4
  • Icinga 1.8.5

Homepage: https://www.icinga.org/

Details:
a) application
b) problem
c) CVSS
d) detailed description

a1) Icinga 1.9.1
b1) Buffer Overflow [CVE-2013-7106]
c1) 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C
d1) The icinga web gui is susceptible to several buffer overflow flaws, which can be triggered as a logged on user. A remote attacker may utilize a CSRF (cross site request forgery) attack vector against a logged in user to exploit this flaw remotely. Depending on the target system, this may result in code execution and eventually full compromise of the icinga server.

a2) Icinga 1.9.1 [CVE-2013-7108]
b2) Off-by-one memory access
c2) 4.9 AV:N/AC:M/Au:S/C:P/I:N/A:P
d2) The icinga and nagios web gui are susceptible to an "off-by-one read" error, which is resulting from an improper assumption in the handling of user submitted CGI parameters. To prevent buffer overflow attacks against the web gui, icinga/nagios checks for valid string length of user submitted parameters. Any parameter, which is bigger than MAX_INPUT_BUFFER-1 characters long will be discarded. However, by sending a specially crafted cgi parameter, the check routine can be forced to skip the terminating null pointer and read the heap address right after the end of the parameter list. Depending on the memory layout, this may result in a memory corruption condition/crash or reading of sensitive memory locations.

Deutsche Telekom CERT
Landgrabenweg 151, 53227 Bonn, Germany
+49 800 DTAG CERT (Tel.)
E-Mail: [email protected]
Life is for sharing.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: Timotheus Hottges (Chairman),
Dr. Thomas Kremer, Reinhard Clemens, Niek Jan van Damme,
Thomas Dannenfeldt, Claudia Nemat, Prof. Dr. Marion Schick
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn

Big changes start small – conserve resources by not printing every e-mail.

Related for SECURITYVULNS:DOC:30629