CVE-2013-7205

Priority
Low
Description
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in
Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to
obtain sensitive information from process memory or cause a denial of
service (crash) via a long string in the last key value in the variable
list, which triggers a heap-based buffer over-read.
Notes
 mdeslaur> nagios fix had an additional source file, so this CVE was
 mdeslaur> split out from CVE-2013-7108. (contrib/daemonchk.c)
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): released (3.5.1-1ubuntu1.1)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.1.dfsg-2.1ubuntu1.1)
Ubuntu 16.10 (Yakkety Yak): released (3.5.1.dfsg-2.1ubuntu3.1)
Ubuntu 17.04 (Zesty Zapus): released (3.5.1.dfsg-2.1ubuntu5)
Patches:
Upstream: http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
Upstream: https://sourceforge.net/p/nagios/nagioscore/ci/0e733d40f8abf09bd0c0e51c2102964fc2331e97/ (3.5)

Updated: 2017-04-14 08:19:56 UTC (commit 12390)