oss-sec mailing list archives

Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)


From: Ricardo <ricardo () bitchbrothers com>
Date: Mon, 16 Dec 2013 21:22:40 +0100

Hi,

CVE-2013-7107 will be addressed with https://dev.icinga.org/issues/5346

Nagios will be affected by the following CVEs as well:
CVE-2013-7107
CVE-2013-7108

CVE-2013-7106 is Icinga only.

Cheers
Ricardo

Begin forwarded message:

From: cve-assign () mitre org
Subject: Re: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)
Date: 15 December 2013 19:29:59 CET
To: ricardo () bitchbrothers com
Cc: cve-assign () mitre org

Signed PGP part
Here are the three CVE IDs for your recent reports. Because one report
mentions CSRF, our expectation is that some type of CSRF impact would
remain even after the buffer overflows were fixed.

This is fixed with Icinga (https://dev.icinga.org/issues/5250):
    1.10.2
    1.9.4
    1.8.5

The icinga web gui is susceptible to several buffer overflow flaws,
which can be triggered as a logged on user.

controlling the program flow by modifying the stack content

Use CVE-2013-7106.


A remote attacker may utilize a CSRF (cross site request forgery)
attack vector against a logged in user

Use CVE-2013-7107.


This is fixed with Icinga (https://dev.icinga.org/issues/5251):
    1.10.2
    1.9.4
    1.8.5

This probably affects Nagios in current version as well!

The icinga web gui is susceptible to an "off-by-one read" error ...
the check routine can be forced to skip the terminating null pointer
and read the heap address right after the end of the parameter list.
Depending on the memory layout, this may result in a memory corruption
condition/crash or reading of sensitive memory locations.

Use CVE-2013-7108.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
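
The off-by-one read described in the forwarded message, shown as an added example that is not part of the original mail and is not Icinga or Nagios code: a walk over a NULL-terminated name/value list that steps twice in one branch, next to a version that tests the value slot before stepping over it. The loop shape, `MAX_NAME`, the function names and the sample lists are assumptions made for illustration; the flawed walker takes the slot count only so it can report the overrun without performing it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 16 /* hypothetical name-length limit for this example */

/* Constructed sample lists: name, value, ..., NULL terminator. */
static char *const ok_list[]  = { "host", "web01", "service", "http", NULL };
static char *const bad_list[] = { "host", "web01", "AAAAAAAAAAAAAAAAAAAA", NULL };

/* Flawed pattern. `slots` counts the entries including the terminator and
 * exists only so the example can report the overrun instead of doing it.
 * Returns the first index that lies past the terminator, or -1 if the
 * loop stopped at the terminator. */
long flawed_walk(char *const list[], size_t slots)
{
    for (size_t i = 0; ; i++) {
        if (i >= slots) return (long)i;      /* real code would read here */
        if (list[i] == NULL) return -1;
        if (strlen(list[i]) >= MAX_NAME) {
            i++;                             /* skip the value slot unchecked */
            continue;                        /* loop increment steps again */
        }
        i++;                                 /* move to the value */
        if (list[i] == NULL) return -1;      /* missing value: stop */
    }
}

/* Corrected pattern: one fixed stride, and the value slot is tested before
 * anything steps over it. Returns 0 and the pair count, or -1 on a name
 * that has no value. */
int checked_walk(char *const list[], size_t *pairs)
{
    *pairs = 0;
    for (size_t i = 0; list[i] != NULL; i += 2) {
        if (list[i + 1] == NULL) return -1;
        if (strlen(list[i]) >= MAX_NAME) continue; /* ignore over-long name */
        (*pairs)++;
    }
    return 0;
}

int main(void)
{
    size_t n;
    printf("flawed ok=%ld bad=%ld\n", flawed_walk(ok_list, 5), flawed_walk(bad_list, 4));
    printf("checked ok=%d bad=%d\n", checked_walk(ok_list, &n), checked_walk(bad_list, &n));
    return 0;
}
```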

