Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 447802 (CVE-2012-6096) - <net-analyzer/nagios-core-3.5.1: history.cgi Buffer Overflow Vulnerability (CVE-2012-6096)
Summary: <net-analyzer/nagios-core-3.5.1: history.cgi Buffer Overflow Vulnerability (C...
Status: RESOLVED FIXED
Alias: CVE-2012-6096
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51537/
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-19 10:58 UTC by Agostino Sarubbo
Modified: 2014-12-13 19:11 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-12-19 10:58:05 UTC
From $URL :

Description
temp66 has reported a vulnerability in Nagios, which can be exploited by malicious people to 
compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "get_history()" function (history.c) 
within history.cgi when handling certain parameters, which can be exploited to cause a stack-based 
buffer overflow via an overly long "host" parameter.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 3.4.3. Other versions may also be affected.


Solution
No official solution is currently available.
Comment 1 Agostino Sarubbo gentoo-dev 2013-01-10 13:29:01 UTC
A fix is available:
http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-01-25 15:31:08 UTC
CVE-2012-6096 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6096):
  Multiple stack-based buffer overflows in the get_history function in
  history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2,
  1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to
  execute arbitrary code via a long (1) host_name variable (host parameter) or
  (2) svc_description variable.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-28 15:15:50 UTC
@maintainer: Any plans for a bump to a non-affected version as described in CVE?
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2014-09-02 14:30:02 UTC
Bumped to 3.5.1, stabilization requested in bug 501200.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-10-05 00:46:42 UTC
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

GLSA Vote: Yes
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-11-21 03:35:48 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-07 20:14:12 UTC
GLSA Vote: Yes. 
New GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-12-13 19:11:38 UTC
This issue was resolved and addressed in
 GLSA 201412-23 at http://security.gentoo.org/glsa/glsa-201412-23.xml
by GLSA coordinator Sean Amoss (ackle).