Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-6096
Last Modified 04 Jun 2013 11:40:03
Published 22 Jan 2013 06:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6096

Summary

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

Vulnerable Systems

Application

  • Icinga 1.6.0

  • Icinga 1.6.1

  • Icinga 1.6.2

  • Icinga 1.7.0

  • Icinga 1.7.1

  • Icinga 1.7.2

  • Icinga 1.7.3

  • Icinga 1.7.4

  • Icinga 1.8.0

  • Icinga 1.8.1

  • Icinga 1.8.2

  • Icinga 1.8.3

  • Icinga 1.8.4

  • Nagios 3.0

  • Nagios 3.0.1

  • Nagios 3.0.2

  • Nagios 3.0.3

  • Nagios 3.0.4

  • Nagios 3.0.5

  • Nagios 3.0.6

  • Nagios 3.1.0

  • Nagios 3.1.1

  • Nagios 3.1.2

  • Nagios 3.2.0

  • Nagios 3.2.1

  • Nagios 3.2.2

  • Nagios 3.2.3

  • Nagios 3.3.1

  • Nagios 3.4.0

  • Nagios 3.4.1

  • Nagios 3.4.2

  • Nagios 3.4.3


References

CONFIRM - https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/

CONFIRM - https://dev.icinga.org/issues/3532

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=893269

BID - 56879

OSVDB - 89170

CONFIRM - http://www.nagios.org/projects/nagioscore/history/core-3x

EXPLOIT-DB - 24159

EXPLOIT-DB - 24084

SECUNIA - 51863

FULLDISC - 20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface

SUSE - openSUSE-SU-2013:0206

SUSE - openSUSE-SU-2013:0188

SUSE - openSUSE-SU-2013:0169

SUSE - openSUSE-SU-2013:0140

DEBIAN - DSA-2616

DEBIAN - DSA-2653


Last Updated: 27 May 2016 10:51:50