CVE-2013-7205
https://notcve.org/view.php?id=CVE-2013-7205
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. Error de superación de límite (off-by-one) en la función process_cgivars en contrib/daemonchk.c en Nagios Core 3.5.1, 4.0.2 y anteriores, permite a usuarios autenticados remotamente obtener información sensible desde procesos de memoria o causar denegación de servicio (caída) a través de cadenas largas en el valor de la última clave en la lista de variables, lo cual lanza una sobre-lectura de buffer basada en memoria dinámica. • http://secunia.com/advisories/55976 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories?name=MDVSA-2014:004 http://www.openwall.com/lists/oss-security/2013/12/24/1 http://www.securityfocus.com/bid/64489 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7108 – Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-7108
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. Múltiples errores de superación de límite (off-by-one) en Nagios Core 3.5.1, 4.0.2 y anteriores, e Icinga anteriores a 1.8.5, 1.9 anteriores a 1.9.4 y 1.10 anteriores a 1.10.2 permite a usuarios autenticados remotamente obtener información sensible de procesos de memoria o causar denegación de servicio (caída) a través de una adena larga en el valor de la última clave en la lista de variables de la función process_cgivars en (1) avail.c, (2) cmd.c, (3) config.c, 84) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, y (11) trends.c en cgi/, lo cual lanza una sobre-lectura de buffer basado en memoria dinámica. • https://www.exploit-db.com/exploits/38882 http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html http://secunia.com/advisories/55976 http://secunia.com/advisories/56316 http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866 http://www.mandriva.com/security/advisories& • CWE-20: Improper Input Validation •
CVE-2013-4214 – core: html/rss-newsfeed.php insecure temporary file usage
https://notcve.org/view.php?id=CVE-2013-4214
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. rss-newsfeed.php en Nagios Core 3.4.4, 3.5.1, y anteriores versiones, cuando se establece MAGPIE_CACHE_ON en 1, permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque symlink en /tmp/magpie_cache. • http://rhn.redhat.com/errata/RHSA-2013-1526.html http://www.securityfocus.com/bid/61747 https://bugzilla.redhat.com/show_bug.cgi?id=958002 https://www.nagios.org/projects/nagios-core/history/4x https://access.redhat.com/security/cve/CVE-2013-4214 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2012-6096 – Nagios3 - 'history.cgi' Host Command Execution
https://notcve.org/view.php?id=CVE-2012-6096
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. Múltiples desbordamientos de búfer basado en pila en la función get_history en history.cgi en Nagios core anterior a v3.4.4, y Icinga v1.6.x anterior a v1.6.2, v1.7.x anterior a v1.7.4, y v1.8.x anterior a v1.8.4, permite a atacantes remotos ejecutar código de su elección a través de una variable (1) host_name de gran longitud o (2) de la variable svc_description. Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi. • https://www.exploit-db.com/exploits/24159 https://www.exploit-db.com/exploits/24084 http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html http://secunia.com/advisories/51863 http://www.debian.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5028
https://notcve.org/view.php?id=CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cmd.cgi en (1) Nagios 3.0.5 y (2) op5 Monitor antes de v4.0.1 permite a atacantes remotos enviar comandos al proceso Nagios y dispara la ejecución de programas de su elección por este proceso, mediante peticiones HTTP no especificadas. • http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://osvdb.org/49678 http://secunia.com/advisories/32610 http://secunia.com/advisories/32630 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.op5.c • CWE-352: Cross-Site Request Forgery (CSRF) •