
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability




Summary:
An off-by-one memory access was found in the web GUI of Nagios.

A patch was applied to the core master branch of nagios 
(http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/).
This resolution is announced to be rolled into the 4.0.3 version of Nagios Core 
once testing has been completed.

There has been no feedback regarding the Version 3.5 branch of nagios, but the 
current sources seem to indicate that the issue was patched in version 3.5 as 
well. The issue should be fixed in the next release.

Homepage: http://www.nagios.org/

Recommendations:
Bug fixes are available in the source code. Install updated packages as soon 
as these packages are available.

Details:
a) application
b) problem
c) CVSS
d) detailed description
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
a1) Nagios 3.5.0 [CVE-2013-7108]
b1) Off-by-one memory access
c1) 4.9 AV:N/AC:M/Au:S/C:P/I:N/A:P
d1) The Icinga and Nagios web GUIs are susceptible to an "off-by-one read" 
error, which results from an improper assumption in the handling of 
user-submitted CGI parameters. To prevent buffer overflow attacks against the 
web GUI, Icinga/Nagios checks the string length of user-submitted parameters. 
Any parameter longer than MAX_INPUT_BUFFER-1 characters is discarded. However, 
by sending a specially crafted CGI parameter, the check routine can be forced 
to skip the terminating null pointer and read the heap address right after the 
end of the parameter list. Depending on the memory layout, this may result in 
a memory corruption condition/crash or in the reading of sensitive memory 
locations.
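
The failure mode described in d1), modelled in C as an added example (not Nagios or Icinga source code, and not the applied patch): a length check that discards an over-long entry by stepping over the next slot untested, beside a hardened form. Assumptions: the parameter list is a NULL-terminated array of strings, MAX_INPUT_BUFFER is 1024, and the function names and the sample list are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT_BUFFER 1024  /* name from the advisory; value assumed */
#define TERMINATOR 2           /* index of the NULL in the sample list */

/* Flawed check (model): an over-long entry is discarded by stepping over
 * it and the slot after it without testing that slot for NULL. Returns
 * the highest index read; cap keeps the model inside its own array. */
size_t walk_flawed(const char **vars, size_t cap) {
    size_t x = 0, highest = 0;
    while (x < cap) {
        highest = x;
        if (vars[x] == NULL) break;            /* terminator found */
        x += (strlen(vars[x]) >= MAX_INPUT_BUFFER - 1) ? 2 : 1;
    }
    return highest;
}

/* Hardened form: no slot is stepped over before it has been tested. */
size_t walk_hardened(const char **vars, size_t cap) {
    size_t x = 0, highest = 0;
    while (x < cap) {
        highest = x;
        if (vars[x] == NULL) break;
        if (strlen(vars[x]) >= MAX_INPUT_BUFFER - 1) {
            if (++x >= cap) break;
            highest = x;
            if (vars[x] == NULL) break;        /* discarded entry was last */
        }
        x++;
    }
    return highest;
}

/* Constructed sample: {short, over-long, NULL} plus one guard slot that
 * stands in for whatever follows the list on the heap. */
size_t demo(int hardened) {
    static char big[MAX_INPUT_BUFFER + 8];
    const char *vars[4] = { "host", big, NULL, "<adjacent memory>" };
    memset(big, 'A', sizeof big - 1);          /* last byte stays '\0' */
    return hardened ? walk_hardened(vars, 4) : walk_flawed(vars, 4);
}

int main(void) {
    printf("terminator=%d flawed=%zu hardened=%zu\n", TERMINATOR, demo(0), demo(1));
    return 0;
}
```

In the flawed walk the highest index read lies beyond the terminator, which is the read past the end of the parameter list; the hardened walk stops at the terminator.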

Deutsche Telekom CERT
Landgrabenweg 151, 53227 Bonn, Germany
+49 800 DTAG CERT (Tel.)
E-Mail: cert@xxxxxxxxxx