CVE-2012-6096 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
nagios	nagios	𝑥 ≤ 3.4.3
nagios	nagios	3.0
nagios	nagios	3.0:alpha1
nagios	nagios	3.0:alpha2
nagios	nagios	3.0:alpha3
nagios	nagios	3.0:alpha4
nagios	nagios	3.0:alpha5
nagios	nagios	3.0:beta1
nagios	nagios	3.0:beta2
nagios	nagios	3.0:beta3
nagios	nagios	3.0:beta4
nagios	nagios	3.0:beta5
nagios	nagios	3.0:beta6
nagios	nagios	3.0:beta7
nagios	nagios	3.0:rc1
nagios	nagios	3.0:rc2
nagios	nagios	3.0:rc3
nagios	nagios	3.0.1
nagios	nagios	3.0.2
nagios	nagios	3.0.3
nagios	nagios	3.0.4
nagios	nagios	3.0.5
nagios	nagios	3.0.6
nagios	nagios	3.1.0
nagios	nagios	3.1.1
nagios	nagios	3.1.2
nagios	nagios	3.2.0
nagios	nagios	3.2.1
nagios	nagios	3.2.2
nagios	nagios	3.2.3
nagios	nagios	3.3.1
nagios	nagios	3.4.0
nagios	nagios	3.4.1
nagios	nagios	3.4.2
icinga	icinga	1.6.0
icinga	icinga	1.6.1
icinga	icinga	1.7.0
icinga	icinga	1.7.1
icinga	icinga	1.7.2
icinga	icinga	1.7.3
icinga	icinga	1.8.0
icinga	icinga	1.8.1
icinga	icinga	1.8.2
icinga	icinga	1.8.3

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

icinga

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	ignored
precise	ignored
oneiric	ignored
lucid	dne
hardy	dne

nagios3

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	ignored
precise	ignored
oneiric	ignored
lucid	ignored
hardy	dne

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html

http://secunia.com/advisories/51863

http://www.debian.org/security/2013/dsa-2616

http://www.debian.org/security/2013/dsa-2653

http://www.exploit-db.com/exploits/24084

http://www.exploit-db.com/exploits/24159

http://www.nagios.org/projects/nagioscore/history/core-3x

http://www.osvdb.org/89170

http://www.securityfocus.com/bid/56879

https://bugzilla.redhat.com/show_bug.cgi?id=893269

https://dev.icinga.org/issues/3532

https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/

http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html

http://secunia.com/advisories/51863

http://www.debian.org/security/2013/dsa-2616

http://www.debian.org/security/2013/dsa-2653

http://www.exploit-db.com/exploits/24084

http://www.exploit-db.com/exploits/24159

http://www.nagios.org/projects/nagioscore/history/core-3x

http://www.osvdb.org/89170

http://www.securityfocus.com/bid/56879

https://bugzilla.redhat.com/show_bug.cgi?id=893269

https://dev.icinga.org/issues/3532

https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/