Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:004 | vendor advisory |
| http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html | vendor advisory |
| http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/ | |
| http://secunia.com/advisories/56316 | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html | vendor advisory |
| https://dev.icinga.org/issues/5251 | vendor advisory |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html | mailing list |
| https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/ | |
| http://www.openwall.com/lists/oss-security/2013/12/24/1 | mailing list |
| http://secunia.com/advisories/55976 | third party advisory vendor advisory |
| http://www.securityfocus.com/bid/64363 | vdb entry |
| http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html | vendor advisory |
| http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html | vendor advisory |