Nagios history.cgi "get_history()" Buffer Overflow Vulnerability
Last Update Date: 20 Dec 2012 10:12
Release Date: 20 Dec 2012
RISK: High Risk
TYPE: Servers - Network Management
A vulnerability has been identified in Nagios that malicious people can exploit to compromise a vulnerable system.
The vulnerability is caused by a boundary error in the "get_history()" function (history.c) of history.cgi when handling certain parameters. An overly long "host" parameter can trigger a stack-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
Note: Vendor patch is currently unavailable.
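With no vendor patch available, web server access logs can be reviewed for history.cgi requests carrying an unusually long "host" parameter. The following is an added example, not part of the original advisory and not Nagios code; it assumes Apache-style common/combined log lines, and the function name, the MAX_HOST_LEN threshold and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed tuning value, NOT the size of the buffer in history.c:
# anything longer than a plausible Nagios host name deserves review.
MAX_HOST_LEN = 255

# Common/combined log format: client, timestamp, request line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"'
)

def suspicious_history_requests(lines, max_len=MAX_HOST_LEN):
    """Return (client, timestamp, host_length) for each history.cgi
    request whose decoded "host" parameter is longer than max_len."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/history.cgi"):
            continue  # the advisory concerns history.cgi only
        # parse_qs percent-decodes values; a parameter may be repeated.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("host", []):
            if len(value) > max_len:
                hits.append((m.group("client"), m.group("ts"), len(value)))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
_BASE = "/nagios/cgi-bin/"
SAMPLE_LOG = [
    '192.0.2.10 - nagiosadmin [20/Dec/2012:10:01:02 +0000] '
    '"GET ' + _BASE + 'history.cgi?host=web01 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Dec/2012:10:03:44 +0000] '
    '"GET ' + _BASE + 'history.cgi?host=' + "x" * 4000 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [20/Dec/2012:10:03:50 +0000] '
    '"GET ' + _BASE + 'status.cgi?host=' + "x" * 4000 + ' HTTP/1.1" 200 900',
    '203.0.113.5 - - [20/Dec/2012:10:05:00 +0000] '
    '"GET ' + _BASE + 'history.cgi?host=' + "%78" * 300 + ' HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for client, ts, length in suspicious_history_requests(SAMPLE_LOG):
        print(f"{ts} {client} history.cgi host parameter length {length}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers GET requests only.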
Impact
- Remote Code Execution
System / Technologies affected
- Version 3.4.3 and before
Solutions
- Note: Vendor patch is currently unavailable.
Vulnerability Identifier
- No CVE information is available