CVE-2013-7108

2014-01-1500:00:00

ubuntu.com

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.941 High

EPSS

Percentile

99.1%

JSON

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote
authenticated users to obtain sensitive information from process memory or
cause a denial of service (crash) via a long string in the last key value
in the variable list to the process_cgivars function in (1) avail.c, (2)
cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c,
(7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11)
trends.c in cgi/, which triggers a heap-based buffer over-read.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchnagios3< 3.5.1-1ubuntu1.1UNKNOWN
ubuntu16.04noarchnagios3< 3.5.1.dfsg-2.1ubuntu1.1UNKNOWN
ubuntu16.10noarchnagios3< 3.5.1.dfsg-2.1ubuntu3.1UNKNOWN
ubuntu17.04noarchnagios3< 3.5.1.dfsg-2.1ubuntu5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	nagios3	< 3.5.1-1ubuntu1.1	UNKNOWN
ubuntu	16.04	noarch	nagios3	< 3.5.1.dfsg-2.1ubuntu1.1	UNKNOWN
ubuntu	16.10	noarch	nagios3	< 3.5.1.dfsg-2.1ubuntu3.1	UNKNOWN
ubuntu	17.04	noarch	nagios3	< 3.5.1.dfsg-2.1ubuntu5	UNKNOWN