~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2012-6096
PublicDate: 2013-01-22
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
 http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
 http://www.openwall.com/lists/oss-security/2013/01/08
Description:
 Multiple stack-based buffer overflows in the get_history function in
 history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2,
 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to
 execute arbitrary code via a long (1) host_name variable (host parameter)
 or (2) svc_description variable.
Ubuntu-Description:
Notes:
 mdeslaur> debian bug says nagios patch is possibly incomplete
 mdeslaur> downgrading to "negligible" because of FORTIFY_SOURCE
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697930 (nagios3)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697931 (icinga)
Priority: negligible
Discovered-by:
Assigned-to:

Patches_nagios3:
 upstream: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
 vendor: http://www.debian.org/security/2013/dsa-2616
Tags_nagios3: fortify-source
upstream_nagios3: released (3.4.1-3)
hardy_nagios3: DNE
lucid_nagios3: ignored (reached end-of-life)
oneiric_nagios3: ignored (reached end-of-life)
precise_nagios3: ignored (reached end-of-life)
precise/esm_nagios3: DNE (precise was needed)
quantal_nagios3: ignored (reached end-of-life)
raring_nagios3: not-affected (3.4.1-3)
saucy_nagios3: not-affected (3.4.1-3)
trusty_nagios3: not-affected (3.4.1-3)
utopic_nagios3: not-affected (3.4.1-3)
vivid_nagios3: not-affected (3.4.1-3)
vivid/stable-phone-overlay_nagios3: DNE
vivid/ubuntu-core_nagios3: DNE
wily_nagios3: not-affected (3.4.1-3)
xenial_nagios3: not-affected (3.4.1-3)
yakkety_nagios3: not-affected (3.4.1-3)
zesty_nagios3: not-affected (3.4.1-3)
devel_nagios3: not-affected (3.4.1-3)

Patches_icinga:
 upstream: https://git.icinga.org/?p=icinga-core.git;a=commit;h=46f55574afa934f9e0bce5e9aac7f45530ff0058
 vendor: http://www.debian.org/security/2013/dsa-2653
Tags_icinga: fortify-source
upstream_icinga: released (1.7.1-5)
hardy_icinga: DNE
lucid_icinga: DNE
oneiric_icinga: ignored (reached end-of-life)
precise_icinga: ignored (reached end-of-life)
precise/esm_icinga: DNE (precise was needed)
quantal_icinga: ignored (reached end-of-life)
raring_icinga: not-affected (1.7.1-5)
saucy_icinga: not-affected (1.7.1-5)
trusty_icinga: not-affected (1.7.1-5)
utopic_icinga: not-affected (1.7.1-5)
vivid_icinga: not-affected (1.7.1-5)
vivid/stable-phone-overlay_icinga: DNE
vivid/ubuntu-core_icinga: DNE
wily_icinga: not-affected (1.7.1-5)
xenial_icinga: not-affected (1.7.1-5)
yakkety_icinga: not-affected (1.7.1-5)
zesty_icinga: not-affected (1.7.1-5)
devel_icinga: not-affected (1.7.1-5)