UBUNTU-CVE-2013-7108

Source
https://ubuntu.com/security/CVE-2013-7108
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-7108.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2013-7108
Published
2014-01-15T00:00:00Z
Modified
2014-01-15T00:00:00Z
Summary
[none]
Details

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Affected packages

Ubuntu:14.04:LTS / icinga

Package

Name
icinga
Purl
pkg:deb/ubuntu/icinga?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.10.2-1

Affected versions

1.*

1.9.3-2
1.9.3-2build1
1.10.0-1
1.10.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-cgi"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-common"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-core"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-dbg"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-doc"
        },
        {
            "binary_version": "1.10.2-1",
            "binary_name": "icinga-idoutils"
        }
    ]
}

Ubuntu:14.04:LTS / nagios3

Package

Name
nagios3
Purl
pkg:deb/ubuntu/nagios3?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.1-1ubuntu1.1

Affected versions

3.*

3.4.1-5ubuntu2
3.4.1-5ubuntu3
3.5.1-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-cgi"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-cgi-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-common"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-core"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-core-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-dbg"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-dbgsym"
        },
        {
            "binary_version": "3.5.1-1ubuntu1.1",
            "binary_name": "nagios3-doc"
        }
    ]
}

Ubuntu:16.04:LTS / nagios3

Package

Name
nagios3
Purl
pkg:deb/ubuntu/nagios3?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.1.dfsg-2.1ubuntu1.1

Affected versions

3.*

3.5.1-1ubuntu4
3.5.1.dfsg-2ubuntu1
3.5.1.dfsg-2ubuntu2
3.5.1.dfsg-2.1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-cgi"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-cgi-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-common"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-core"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-core-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-dbg"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-dbgsym"
        },
        {
            "binary_version": "3.5.1.dfsg-2.1ubuntu1.1",
            "binary_name": "nagios3-doc"
        }
    ]
}