Skip to main content

Nagios history.cgi "get_history()" Buffer Overflow Vulnerability

Last Update Date: 20 Dec 2012 10:12 Release Date: 20 Dec 2012 6171 Views

RISK: High Risk

TYPE: Servers - Network Management

TYPE: Network Management

A vulnerability has been identified in Nagios, which can be exploited by malicious people to compromise a vulnerable system.

 

The vulnerability is caused due to a boundary error within the "get_history()" function (history.c) within history.cgi when handling certain parameters, which can be exploited to cause a stack-based buffer overflow via an overly long "host" parameter.

 

Successful exploitation may allow execution of arbitrary code.

 

Note: Vendor patch is currently unavailable.


Impact

  • Remote Code Execution

System / Technologies affected

  • Version 3.4.3 and before

Solutions

  • Note: Vendor patch is currently unavailable.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link