DebianDEBIAN:DLA-461-1:5370A[SECURITY] [DLA 461-1] nagios3 security update
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
AI Score
Confidence
High
0.046 Low
EPSS
Percentile
92.6%
Package : nagios3
Version : 3.4.1-3+deb7u2
CVE ID : CVE-2014-1878
A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
in Nagios, a monitoring and management system for hosts, services and
networks, allowed remote attackers to cause a denial of service
(segmentation fault) via a long message to cmd.cgi.
For Debian 7 "Wheezy", this problem has been fixed in version
3.4.1-3+deb7u2.
We recommend that you upgrade your nagios3 packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | kfreebsd-amd64 | icinga-cgi | < 1.7.1-7 | icinga-cgi_1.7.1-7_kfreebsd-amd64.deb |
| Debian | 7 | ia64 | icinga | < 1.7.1-7 | icinga_1.7.1-7_ia64.deb |
| Debian | 6 | all | icinga-common | < 1.0.2-2+squeeze2 | icinga-common_1.0.2-2+squeeze2_all.deb |
| Debian | 7 | i386 | nagios3-cgi | < 3.4.1-3+deb7u2 | nagios3-cgi_3.4.1-3+deb7u2_i386.deb |
| Debian | 7 | i386 | nagios3-core | < 3.4.1-3+deb7u2 | nagios3-core_3.4.1-3+deb7u2_i386.deb |
| Debian | 7 | amd64 | nagios3-dbg | < 3.4.1-3+deb7u2 | nagios3-dbg_3.4.1-3+deb7u2_amd64.deb |
| Debian | 7 | s390 | icinga-cgi | < 1.7.1-7 | icinga-cgi_1.7.1-7_s390.deb |
| Debian | 6 | all | icinga | < 1.0.2-2+squeeze2 | icinga_1.0.2-2+squeeze2_all.deb |
| Debian | 7 | all | nagios3-common | < 3.4.1-3+deb7u2 | nagios3-common_3.4.1-3+deb7u2_all.deb |
| Debian | 8 | i386 | nagios3 | < 3.5.1.dfsg-2+deb8u1 | nagios3_3.5.1.dfsg-2+deb8u1_i386.deb |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
AI Score
Confidence
High
0.046 Low
EPSS
Percentile
92.6%