CVSS: 6.5EPSS: 1%CPEs: 35EXPL: 0CVE-2013-7106
https://notcve.org/view.php?id=CVE-2013-7106
Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107. Múltiples desbordamientos de buffer basados en pila en Icinga anteriores a 1.8.5, 1.9 anteriores a 1.9.4, y 1.10 anteriores a 1.10.2 permite a atacantes autenticados remotamente causar denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cadena larga a las funciones en cgi/cgiutils.c (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, o (4) page_num_selector; (5) la función status_page_num_selector en cgi/status.c; o (6) la función display_command_expansion en cgi/config.c. NOTA: este problema puede ser explotado sin autenticación aprovechando la vulnerabilidad CVE-2013-7107. • http://www.openwall.com/lists/oss-security/2013/12/16/4 https://dev.icinga.org/issues/5250 https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 38EXPL: 0CVE-2013-7107
https://notcve.org/view.php?id=CVE-2013-7107
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106. Vulnerabilidad de cross-site request forgery (CSRF) en cmd.cgi en Icinga 1.8.5, 1.9.4, 1.10.2 y anteriores, permite a atacantes secuestrar la autenticación de usuarios en comandos no especificados a través de vectores no especificados, como se muestra sorteando requisitos de autenticación para el CVE-2013-7106. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00061.html http://www.openwall.com/lists/oss-security/2013/12/16/4 https://dev.icinga.org/issues/5250 https://dev.icinga.org/issues/5346 https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 94%CPEs: 71EXPL: 1CVE-2013-7108 – Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-7108
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. Múltiples errores de superación de límite (off-by-one) en Nagios Core 3.5.1, 4.0.2 y anteriores, e Icinga anteriores a 1.8.5, 1.9 anteriores a 1.9.4 y 1.10 anteriores a 1.10.2 permite a usuarios autenticados remotamente obtener información sensible de procesos de memoria o causar denegación de servicio (caída) a través de una adena larga en el valor de la última clave en la lista de variables de la función process_cgivars en (1) avail.c, (2) cmd.c, (3) config.c, 84) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, y (11) trends.c en cgi/, lo cual lanza una sobre-lectura de buffer basado en memoria dinámica. • https://www.exploit-db.com/exploits/38882 http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html http://secunia.com/advisories/55976 http://secunia.com/advisories/56316 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories& • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 96%CPEs: 44EXPL: 5CVE-2012-6096 – Nagios3 - 'history.cgi' Host Command Execution
https://notcve.org/view.php?id=CVE-2012-6096
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. Múltiples desbordamientos de búfer basado en pila en la función get_history en history.cgi en Nagios core anterior a v3.4.4, y Icinga v1.6.x anterior a v1.6.2, v1.7.x anterior a v1.7.4, y v1.8.x anterior a v1.8.4, permite a atacantes remotos ejecutar código de su elección a través de una variable (1) host_name de gran longitud o (2) de la variable svc_description. Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi. • https://www.exploit-db.com/exploits/24159 https://www.exploit-db.com/exploits/24084 http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html http://secunia.com/advisories/51863 http://www.debian.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3441
https://notcve.org/view.php?id=CVE-2012-3441
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. El script de creación de base de datos (module/idoutils/db/scripts/create_mysqldb.sh) en Icinga v1.7.1 garantiza el acceso a todas las bases de datos para el usuario icinga, lo que permite a los usuarios acceder a otras bases de datos icinga a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html http://www.openwall.com/lists/oss-security/2012/07/30/6 http://www.openwall.com/lists/oss-security/2012/07/30/7 https://bugzilla.novell.com/show_bug.cgi?id=767319 https://exchange.xforce.ibmcloud.com/vulnerabilities/78874 https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=712813d3118a5b9e5a496179cab81dbe91f69d63 https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=dcd45fb6931c4abf710829bee21af09f842bc281 https://g • CWE-264: Permissions, Privileges, and Access Controls •