FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-6096

This CVE name corresponds to:

Entered Topic
2013-01-10 nagios -- buffer overflow in history.cgi

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-6096
Phase Assigned(20121206)

Description

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

References

Source Reference
EXPLOIT-DB 24084
EXPLOIT-DB 24159
FULLDISC 20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface
CONFIRM http://www.nagios.org/projects/nagioscore/history/core-3x
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=893269
CONFIRM https://dev.icinga.org/issues/3532
CONFIRM https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/
DEBIAN DSA-2616
DEBIAN DSA-2653
SUSE openSUSE-SU-2013:0140
SUSE openSUSE-SU-2013:0169
SUSE openSUSE-SU-2013:0188
SUSE openSUSE-SU-2013:0206
BID 56879
OSVDB 89170
SECUNIA 51863