Bug 501202 (CVE-2013-2214) - <net-analyzer/nagios-3.5.1: Information leak (CVE-2013-2214)
Summary: <net-analyzer/nagios-3.5.1: Information leak (CVE-2013-2214)
Status: RESOLVED FIXED
Alias: CVE-2013-2214
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-13 15:31 UTC by GLSAMaker/CVETool Bot
Modified: 2015-03-18 18:02 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 15:31:11 UTC
CVE-2013-2214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2214):
  status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not
  properly restrict access to certain users that are a contact for a service,
  which allows remote authenticated users to obtain sensitive information
  about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid
  style in status.cgi.  NOTE: this behavior is by design in most 3.x versions,
  but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
Comment 1 Michael Orlitzky gentoo-dev 2014-12-24 13:42:34 UTC
All affected versions have been removed from the tree.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2014-12-24 13:55:51 UTC
Maintainer(s), Thank you for cleanup!

Security Please Vote.

GLSA Vote: No
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-03-18 18:02:25 UTC
GLSA vote: no.

Closing as [noglsa]