CVE-2013-7108
Published 2014-01-15
Priority P348 · medium · CVSS 2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
EXPLOIT
EPSS: 59.55% (99.0th percentile)
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
Affected
55 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icinga | icinga | <= 1.8.4 | — |
Detection & IOCs
- Attack targets Nagios/Icinga CGI endpoints (avail.cgi, cmd.cgi, config.cgi, extinfo.cgi, histogram.cgi, notifications.cgi, outages.cgi, status.cgi, statusmap.cgi, summary.cgi, trends.cgi) via an abnormally long string value in the last key-value pair of the CGI query string, triggering a heap-based buffer over-read in process_cgivars()
- Monitor HTTP requests to Nagios/Icinga CGI scripts where a query-string parameter value is excessively long (e.g., ~2000+ characters), particularly when it is the last key=value pair in the request
- Exploitation requires the attacker to be a remote authenticated user; unauthenticated access alone is insufficient to trigger the vulnerability
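The monitoring check described in the list above, written out as an added example (it is not part of the original page or of Nagios/Icinga). It assumes the Apache/nginx "combined" access-log format and uses the 2000-character hint as a tunable threshold; the function and field names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# CGI programs named in the advisory text above.
AFFECTED_CGIS = {
    "avail.cgi", "cmd.cgi", "config.cgi", "extinfo.cgi", "histogram.cgi",
    "notifications.cgi", "outages.cgi", "status.cgi", "statusmap.cgi",
    "summary.cgi", "trends.cgi",
}
# Assumed, tunable threshold taken from the "~2000+ characters" hint above.
MAX_VALUE_LEN = 2000

# Assumed "combined" log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_long_last_values(lines, max_len=MAX_VALUE_LEN):
    """Return one finding per request to an affected CGI whose last
    key=value pair carries a value of max_len characters or more."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in AFFECTED_CGIS or not url.query:
            continue
        # Measure the raw (still percent-encoded) value, as logged.
        last_pair = re.split(r"[&;]", url.query)[-1]
        key, _, value = last_pair.partition("=")
        if len(value) >= max_len:
            findings.append({"line": lineno, "host": m["host"], "user": m["user"],
                             "script": script, "key": key,
                             "value_len": len(value), "status": int(m["status"])})
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - nagiosadmin [17/Dec/2013:10:00:01 +0000] "GET /nagios/cgi-bin/status.cgi?host=all&style=detail HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - operator [17/Dec/2013:10:02:13 +0000] "GET /nagios/cgi-bin/histogram.cgi?host=web01&service=' + "A" * 2500 + ' HTTP/1.1" 500 312 "-" "-"',
    '192.0.2.44 - operator [17/Dec/2013:10:02:20 +0000] "GET /nagios/cgi-bin/extinfo.cgi?host=' + "B" * 2500 + '&type=1 HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_long_last_values(SAMPLE_LOG):
        print(finding)
```

Only the second sample line is reported: the third carries an equally long value, but not in the last pair. Parameters sent in a POST body do not appear in the access log's request line, so this check only sees query strings.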
CVSS provenance
- nvd: v2.0, 5.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:P
- osv: 5.5 MEDIUM
- vendor_redhat: 5.5 MEDIUM
- vendor_ubuntu: 5.5 MEDIUM
Ubuntu
Nagios regression
vendor_ubuntu · 2017-06-07 · CVSS 5.5 [MEDIUM]
Summary: USN-3253-1 introduced a regression in Nagios.
USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files
from being displayed in the web interface. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagi
Ubuntu
Nagios vulnerabilities
vendor_ubuntu · 2017-04-03 · CVSS 5.5 [MEDIUM]
Summary: Several security issues were fixed in Nagios.
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link r
Red Hat
nagios: denial of service due to off-by-one flaw in process_cgivars()
vendor_redhat · 2013-12-20 · CVSS 5.5 [MEDIUM] · CWE-193
Package: nagios (Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)) - Fix deferred
Package: nagios (Red Hat Enterprise Linux OpenStack Platfo
GHSA
GHSA-48qr-xf75-jc6h: Multiple off-by-one errors in Nagios Core 3
ghsa_unreviewed · 2022-05-14 · [MEDIUM] · CWE-20
OSV
nagios3 regression
osv · 2017-06-07 · CVSS 5.5 [MEDIUM]
USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files
from being displayed in the web interface. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A lo
OSV
nagios3 vulnerabilities
osv · 2017-04-03 · CVSS 5.5 [MEDIUM]
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)
OSV
CVE-2013-7108: Multiple off-by-one errors in Nagios Core 3
osv · 2014-01-15 · CVSS 5.5 [MEDIUM]
No detection rules found.
Bugzilla
CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]
bugzilla · 2013-12-24 · CVSS 5.5 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when availa
Bugzilla
CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]
bugzilla · 2013-12-24 · CVSS 5.5 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when avail
Bugzilla
CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
bugzilla · 2013-12-23 · CVSS 5.5 [MEDIUM]
A flaw was reported [1] and fixed [2] in Nagios, which can be exploited to cause a denial of service. This vulnerability is caused due to an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios web UI.
[1] https://secunia.com/advisories/55976/
[2] http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
Discussion:
Based on:
http://www.openwall.com/lists/oss-security/2013/12/23/7
this should have CVE-2013-7108 assigned, however there may be an additional CVE assigned as this commit apparently corrected two files that Icinga did not. So if another
http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
http://secunia.com/advisories/55976
http://secunia.com/advisories/56316
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
http://www.openwall.com/lists/oss-security/2013/12/24/1
http://www.securityfocus.com/bid/64363
https://dev.icinga.org/issues/5251
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/