Main Vulnerability Database Exploits ID:3638 - Exploit for Input validation error in Nagios - CVE-2013-7108

ID:3638 - Exploit for Input validation error in Nagios - CVE-2013-7108

Published: July 29, 2020

Vulnerability identifier: #VU32581

Vulnerability risk: Low

CVE-ID: CVE-2013-7108

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Nagios

Link to public exploit:

https://www.exploit-db.com/exploits/38882/

Vulnerability description

The vulnerability allows a remote #AU# to #BASIC_IMPACT#.

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Remediation

Install update from vendor's website.

ID:3638 - Exploit for Input validation error in Nagios - CVE-2013-7108

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human