oss-sec mailing list archives
Re: CVE request: denial of service in Nagios (process_cgivars())
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 23 Dec 2013 14:01:04 -0700
On Dec 23, 2013, at 1:19 PM, cve-assign () mitre org wrote:
Signed PGP parthttp://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/Relative to CVE-2013-7108, Nagios changed two files that Icinga did not change. If the additional changes are vulnerability fixes, we will assign two more CVE IDs. (The vulnerability types would not be the same.) We are currently coordinating with Icinga upstream on this. In any case, CVE-2013-7108 will represent a set of off-by-one error issues that are common to Icinga and Nagios, and were all announced at the same time. CVE-2013-7108 is not specific to only Icinga.
I was unaware of any Icinga issues, but I guess that makes sense (we don't ship Icinga so have no reason to look at it). Can you please advise if any additional CVE(s) will be assigned to this commit in Nagios then? In the meantime I'll associate CVE-2013-7108 with our bug. Thanks! -- Vincent Danen / Red Hat Security Response Team
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- CVE request: denial of service in Nagios (process_cgivars()) Vincent Danen (Dec 23)
- Re: CVE request: denial of service in Nagios (process_cgivars()) Salvatore Bonaccorso (Dec 23)
- Re: CVE request: denial of service in Nagios (process_cgivars()) cve-assign (Dec 23)
- Re: CVE request: denial of service in Nagios (process_cgivars()) Vincent Danen (Dec 23)
- Re: CVE request: denial of service in Nagios (process_cgivars()) cve-assign (Dec 24)