CVE-2013-7108 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-7108 Interim 1 19 2024-07-27T01:25:42Z current 2021-05-30T13:16:47Z 2024-07-27T01:25:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-7108 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2014-January/000704.html E-Mail link for SUSE-SU-2014:0156-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Manager Client Tools for SLE 12 openSUSE Tumbleweed icinga icinga-1.13.3-2.4 icinga-devel-1.13.3-2.4 icinga-doc-1.13.3-2.4 icinga-idoutils-1.13.3-2.4 icinga-idoutils-mysql-1.13.3-2.4 icinga-idoutils-oracle-1.13.3-2.4 icinga-idoutils-pgsql-1.13.3-2.4 icinga-plugins-downtimes-1.13.3-2.4 icinga-plugins-eventhandlers-1.13.3-2.4 icinga-www-1.13.3-2.4 icinga-www-config-1.13.3-2.4 monitoring-tools-1.13.3-2.4 nagios-3.0.6-1.25.34.1 nagios-3.0.6-1.25.36.1 nagios-4.4.6-2.5 nagios-contrib-4.4.6-2.5 nagios-devel-3.0.6-1.25.34.1 nagios-devel-3.0.6-1.25.36.1 nagios-devel-4.4.6-2.5 nagios-theme-exfoliation-4.4.6-2.5 nagios-www-3.0.6-1.25.34.1 nagios-www-3.0.6-1.25.36.1 nagios-www-4.4.6-2.5 nagios-www-dch-4.4.6-2.5 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP2 nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP2 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP3 nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP3 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA nagios-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-www-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 nagios-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 nagios-devel-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 nagios-www-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 nagios-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 nagios-devel-3.0.6-1.25.34.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 nagios-www-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 nagios-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-devel-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-www-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 icinga-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-devel-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-doc-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-mysql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-oracle-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-pgsql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-downtimes-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-eventhandlers-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-config-1.13.3-2.4 as a component of openSUSE Tumbleweed monitoring-tools-1.13.3-2.4 as a component of openSUSE Tumbleweed nagios-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-contrib-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-devel-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-theme-exfoliation-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-dch-4.4.6-2.5 as a component of openSUSE Tumbleweed icinga as a component of SUSE Manager Client Tools for SLE 12 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. CVE-2013-7108 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP2:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP2:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP3:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP3:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Server 11 SP4:nagios-3.0.6-1.25.36.1 SUSE Linux Enterprise Server 11 SP4:nagios-www-3.0.6-1.25.36.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Software Development Kit 11 SP2:nagios-3.0.6-1.25.34.1 SUSE Linux Enterprise Software Development Kit 11 SP2:nagios-devel-3.0.6-1.25.34.1 SUSE Linux Enterprise Software Development Kit 11 SP2:nagios-www-3.0.6-1.25.34.1 SUSE Linux Enterprise Software Development Kit 11 SP3:nagios-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP3:nagios-devel-3.0.6-1.25.34.1 SUSE Linux Enterprise Software Development Kit 11 SP3:nagios-www-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-devel-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-www-3.0.6-1.25.36.1 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 openSUSE Tumbleweed:nagios-4.4.6-2.5 openSUSE Tumbleweed:nagios-contrib-4.4.6-2.5 openSUSE Tumbleweed:nagios-devel-4.4.6-2.5 openSUSE Tumbleweed:nagios-theme-exfoliation-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-dch-4.4.6-2.5 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P