CVE-2014-1878

Priority
Description
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in
Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9
before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a
denial of service (segmentation fault) via a long message to cmd.cgi.
Notes
Package
Upstream: released (1.10.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.10.3])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.10.3)
Patches:
Upstream: https://dev.icinga.org/projects/icinga-core/repository/revisions/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#fortify-source
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [3.5.1-1ubuntu1.1])
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.1.dfsg-2.1ubuntu1.1)
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#fortify-source
More Information

Updated: 2020-01-29 19:49:19 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)