Date: Mon, 16 Dec 2013 21:22:40 +0100
From: Ricardo <ricardo@...chbrothers.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)

Hi,

CVE-2013-7107 will be addressed with https://dev.icinga.org/issues/5346

Nagios will be affected by the following CVEs as well:
CVE-2013-7107
CVE-2013-7108

CVE-2013-7106 is Icinga only.

Cheers
Ricardo

Begin forwarded message:

> From: cve-assign@...re.org
> Subject: Re: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)
> Date: 15 December 2013 19:29:59 CET
> To: ricardo@...chbrothers.com
> Cc: cve-assign@...re.org
>
> Signed PGP part
> Here are the three CVE IDs for your recent reports. Because one report
> mentions CSRF, our expectation is that some type of CSRF impact would
> remain even after the buffer overflows were fixed.
>
> > This is fixed with Icinga (https://dev.icinga.org/issues/5250):
> > 1.10.2
> > 1.9.4
> > 1.8.5
> >
> > The icinga web gui is susceptible to several buffer overflow flaws,
> > which can be triggered as a logged on user.
> >
> > controlling the program flow by modifying the stack content
>
> Use CVE-2013-7106.
>
> > A remote attacker may utilize a CSRF (cross site request forgery)
> > attack vector against a logged in user
>
> Use CVE-2013-7107.
>
> > This is fixed with Icinga (https://dev.icinga.org/issues/5251):
> > 1.10.2
> > 1.9.4
> > 1.8.5
> >
> > This probably affects Nagios in current version as well!
> >
> > The icinga web gui are susceptible to an "off-by-one read" error ...
> > the check routine can be forced to skip the terminating null pointer
> > and read the heap address right after the end of the parameter list.
> > Depending on the memory layout, this may result in a memory corruption
> > condition/crash or reading of sensitive memory locations.
>
> Use CVE-2013-7108.
>
> --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
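
An added illustration, not part of the original message and not Icinga or Nagios code: the C program below shows one way a walker over a NULL-terminated parameter list can step over its terminator, the bug class the CVE-2013-7108 text above describes, next to a checked version. The parameter names, list contents and function names are constructed for the example, and the assumption is that the walker consumes a value slot after certain keys.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed lists of key/value slots ending in a NULL terminator. In
 * `truncated` the last key has no value; the slots after its terminator
 * stand in for whatever follows the real list, so the over-read below stays
 * inside the array and is well defined. */
static const char *const well_formed[] = { "host", "web01", NULL };
static const char *const truncated[] = {
    "host", "web01", "service", NULL, "PAST-END", NULL
};

static int takes_value(const char *key)
{
    return strcmp(key, "host") == 0 || strcmp(key, "service") == 0;
}

/* Before: the value slot is consumed with an unchecked x++. If that slot is
 * the terminator, the loop's own x++ steps over it and the walk continues.
 * Returns the index at which the walk finally stopped. */
static size_t walk_unchecked(const char *const *v)
{
    size_t x;
    for (x = 0; v[x] != NULL; x++)
        if (takes_value(v[x]))
            x++;                    /* assumes a value always follows */
    return x;
}

/* After: look at the value slot before consuming it. */
static size_t walk_checked(const char *const *v)
{
    size_t x;
    for (x = 0; v[x] != NULL; x++) {
        if (!takes_value(v[x]))
            continue;
        if (v[x + 1] == NULL)       /* key without value: stop here */
            return x + 1;
        x++;
    }
    return x;
}

int main(void)
{
    printf("terminator at 3: unchecked stops at %zu, checked at %zu\n",
           walk_unchecked(truncated), walk_checked(truncated));
    return 0;
}
```

On a real heap-allocated list there is no guard slot, so the unchecked walk reads whatever pointer-sized value follows the terminator, which matches the crash or memory-disclosure outcomes the report lists.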