Candidate: CVE-2013-7106
PublicDate: 2014-01-15 16:08:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7106
 https://dev.icinga.org/issues/5250
Description:
 Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before
 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a
 denial of service (crash) and possibly execute arbitrary code via a long
 string to the (1) display_nav_table, (2) page_limit_selector, (3)
 print_export_link, or (4) page_num_selector function in cgi/cgiutils.c;
 (5) status_page_num_selector function in cgi/status.c; or (6)
 display_command_expansion function in cgi/config.c. NOTE: this can be
 exploited without authentication by leveraging CVE-2013-7107.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/1279825
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_icinga:
upstream_icinga: released (1.10.2-1)
lucid_icinga: DNE
precise_icinga: ignored (reached end-of-life)
precise/esm_icinga: DNE (precise was needed)
quantal_icinga: ignored (reached end-of-life)
raring_icinga: ignored (reached end-of-life)
saucy_icinga: ignored (reached end-of-life)
trusty_icinga: not-affected (1.10.2-1)
trusty/esm_icinga: DNE (trusty was not-affected [1.10.2-1])
utopic_icinga: not-affected (1.10.2-1)
vivid_icinga: not-affected (1.10.2-1)
vivid/stable-phone-overlay_icinga: DNE
vivid/ubuntu-core_icinga: DNE
wily_icinga: not-affected (1.10.2-1)
xenial_icinga: not-affected (1.10.2-1)
yakkety_icinga: not-affected (1.10.2-1)
zesty_icinga: not-affected (1.10.2-1)
devel_icinga: not-affected (1.10.2-1)