Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2014-2386
Last Modified 25 Mar 2014 02:05:53
Published 25 Mar 2014 12:55:28
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2386

Summary

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.

Vulnerable Systems

Operating System

  • Novell Opensuse 12.3

  • Novell Opensuse 13.1

Application

  • Icinga 1.10.0

  • Icinga 1.10.1

  • Icinga 1.10.2


References

CONFIRM - https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d

CONFIRM - https://dev.icinga.org/issues/5663

SUSE - openSUSE-SU-2014:0420

MLIST - [oss-security] 20140313 CVE request for icinga 1 byte \0 overflows


Last Updated: 27 May 2016 11:04:46