CVE-2013-7205

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
nagiosnagios
𝑥
≤ 4.0.2
nagiosnagios
3.0
nagiosnagios
3.0:alpha1
nagiosnagios
3.0:alpha2
nagiosnagios
3.0:alpha3
nagiosnagios
3.0:alpha4
nagiosnagios
3.0:alpha5
nagiosnagios
3.0:beta1
nagiosnagios
3.0:beta2
nagiosnagios
3.0:beta3
nagiosnagios
3.0:beta4
nagiosnagios
3.0:beta5
nagiosnagios
3.0:beta6
nagiosnagios
3.0:beta7
nagiosnagios
3.0:rc1
nagiosnagios
3.0:rc2
nagiosnagios
3.0:rc3
nagiosnagios
3.0.1
nagiosnagios
3.0.2
nagiosnagios
3.0.3
nagiosnagios
3.0.4
nagiosnagios
3.0.5
nagiosnagios
3.0.6
nagiosnagios
3.1.0
nagiosnagios
3.1.1
nagiosnagios
3.1.2
nagiosnagios
3.2.0
nagiosnagios
3.2.1
nagiosnagios
3.2.2
nagiosnagios
3.2.3
nagiosnagios
3.3.1
nagiosnagios
3.4.0
nagiosnagios
3.4.1
nagiosnagios
3.4.2
nagiosnagios
3.4.3
nagiosnagios
3.5.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios3
zesty
Fixed 3.5.1.dfsg-2.1ubuntu5
released
yakkety
Fixed 3.5.1.dfsg-2.1ubuntu3.1
released
xenial
Fixed 3.5.1.dfsg-2.1ubuntu1.1
released
wily
ignored
vivid
ignored
utopic
ignored
trusty
Fixed 3.5.1-1ubuntu1.1
released
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/55976
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
http://www.openwall.com/lists/oss-security/2013/12/24/1
http://www.securityfocus.com/bid/64489
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html
http://secunia.com/advisories/55976
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
http://www.mandriva.com/security/advisories?name=MDVSA-2014:004
http://www.openwall.com/lists/oss-security/2013/12/24/1
http://www.securityfocus.com/bid/64489
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html