Nagios history.cgi "get_history()" Buffer Overflow Vulnerability

Last Update Date: 20 Dec 2012 10:12 Release Date: 20 Dec 2012 5495 Views

RISK: High Risk

High Risk

TYPE: Servers - Network Management

TYPE: Network Management

A vulnerability has been identified in Nagios, which can be exploited by malicious people to compromise a vulnerable system.

 

The vulnerability is caused due to a boundary error within the "get_history()" function (history.c) within history.cgi when handling certain parameters, which can be exploited to cause a stack-based buffer overflow via an overly long "host" parameter.

 

Successful exploitation may allow execution of arbitrary code.

 

Note: Vendor patch is currently unavailable.

Impact

  • Remote Code Execution

System / Technologies affected

  • Version 3.4.3 and before

Solutions

  • Note: Vendor patch is currently unavailable.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Oracle Solaris Java Multiple Vulnerabilities

20 Dec 2012 3913 Views

Next

Adobe Shockwave Player Multiple Vulnerabilities

21 Dec 2012 4128 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY