Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 16 Dec 2013 21:22:40 +0100
From: Ricardo <ricardo@...chbrothers.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)

Hi,

CVE-2013-7107 will be addressed with https://dev.icinga.org/issues/5346

Nagios will be affected by following CVEs as well:
CVE-2013-7107
CVE-2013-7108

CVE-2013-7106 is Icinga only.

Cheers
Ricardo

Anfang der weitergeleiteten Nachricht:

> Von: cve-assign@...re.org
> Betreff: Aw: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)
> Datum: 15. Dezember 2013 19:29:59 MEZ
> An: ricardo@...chbrothers.com
> Kopie: cve-assign@...re.org
> 
> Signierter PGP Teil
> Here are the three CVE IDs for your recent reports. Because one report
> mentions CSRF, our expectation is that some type of CSRF impact would
> remain even after the buffer overflows were fixed.
> 
> > This is fixed with Icinga (https://dev.icinga.org/issues/5250):
> > 	1.10.2
> > 	1.9.4
> > 	1.8.5
> >
> > The icinga web gui is susceptible to several buffer overflow flaws,
> > which can be triggered as a logged on user.
> >
> > controlling the program flow by modifying the stack content
> 
> Use CVE-2013-7106.
> 
> 
> > A remote attacker may utilize a CSRF (cross site request forgery)
> > attack vector against a logged in user
> 
> Use CVE-2013-7107.
> 
> 
> > This is fixed with Icinga (https://dev.icinga.org/issues/5251):
> > 	1.10.2
> > 	1.9.4
> > 	1.8.5
> >
> > This probably affects Nagios in current version as well!
> >
> > The icinga web gui are susceptible to an "off-by-one read" error ...
> > the check routine can be forced to skip the terminating null pointer
> > and read the heap address right after the end of the parameter list.
> > Depending on the memory layout, this may result in a memory corruption
> > condition/crash or reading of sensitive memory locations.
> 
> Use CVE-2013-7108.
> 
> --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> 


Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.