CVE-2014-1878

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

References

http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html

http://secunia.com/advisories/57024

http://www.securityfocus.com/bid/65605

https://bugzilla.redhat.com/show_bug.cgi?id=1066578

https://dev.icinga.org/issues/5434

https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html

https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6

Details

Source: MITRE

Published: 2014-02-28

Updated: 2018-12-25

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
119875Debian DLA-1615-1 : nagios3 security updateNessusDebian Local Security Checks
high
103651Amazon Linux AMI : nagios (ALAS-2017-899)NessusAmazon Linux Local Security Checks
critical
100677Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : nagios3 regression (USN-3253-2)NessusUbuntu Local Security Checks
high
99182Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : nagios3 vulnerabilities (USN-3253-1)NessusUbuntu Local Security Checks
high
90945Debian DLA-461-1 : nagios3 security updateNessusDebian Local Security Checks
medium
82205Debian DLA-60-1 : icinga security updateNessusDebian Local Security Checks
medium
75321openSUSE Security Update : nagios (openSUSE-SU-2014:0516-1)NessusSuSE Local Security Checks
medium
74477Debian DSA-2956-1 : icinga - security updateNessusDebian Local Security Checks
medium
74068Mandriva Linux Security Advisory : nagios (MDVSA-2014:089)NessusMandriva Local Security Checks
medium
73707SuSE 11.3 Security Update : nagios (SAT Patch Number 9071)NessusSuSE Local Security Checks
medium