CVE-2013-7106 (retired)

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before
1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a
denial of service (crash) and possibly execute arbitrary code via a long
string to the (1) display_nav_table, (2) page_limit_selector, (3)
print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5)
status_page_num_selector function in cgi/status.c; or (6)
display_command_expansion function in cgi/config.c. NOTE: this can be
exploited without authentication by leveraging CVE-2013-7107.
Upstream:released (1.10.2-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.10.2-1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.10.2-1)
More Information

Updated: 2019-03-26 12:11:34 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)