UBUNTU-CVE-2013-7108

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2013-7108

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-7108.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-7108

Related

CVE-2013-7108
USN-3253-1

Published

2014-01-15T00:00:00Z

Modified

2014-01-15T00:00:00Z

Summary

[none]

Details

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

References

Affected packages

Ubuntu:14.04:LTS / icinga

Package

Name: icinga
Purl: pkg:deb/ubuntu/icinga?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.2-1

Affected versions

1.*

1.9.3-2

1.9.3-2build1

1.10.0-1

1.10.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-cgi"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-common"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-core"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-dbg"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-doc"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-idoutils"
        }
    ]
}

Ubuntu:14.04:LTS / nagios3

Package

Name: nagios3
Purl: pkg:deb/ubuntu/nagios3?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.1-1ubuntu1.1

Affected versions

3.*

3.4.1-5ubuntu2

3.4.1-5ubuntu3

3.5.1-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-cgi"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-cgi-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-common"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-core"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-core-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-dbg"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-doc"
        }
    ]
}

Ubuntu:16.04:LTS / nagios3

Package

Name: nagios3
Purl: pkg:deb/ubuntu/nagios3?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.1.dfsg-2.1ubuntu1.1

Affected versions

3.*

3.5.1-1ubuntu4

3.5.1.dfsg-2ubuntu1

3.5.1.dfsg-2ubuntu2

3.5.1.dfsg-2.1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-cgi"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-cgi-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-common"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-core"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-core-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-dbg"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-doc"
        }
    ]
}