Lucene search

K

[email protected]NVD:CVE-2012-6096

HistoryJan 22, 2013 - 11:55 p.m.

CVE-2012-6096

2013-01-2223:55:03

CWE-119

[email protected]

web.nvd.nist.gov

1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

Affected configurations

NVD

Node

nagiosnagiosRange≤3.4.3

OR

nagiosnagiosMatch3.0

OR

nagiosnagiosMatch3.0alpha1

OR

nagiosnagiosMatch3.0alpha2

OR

nagiosnagiosMatch3.0alpha3

OR

nagiosnagiosMatch3.0alpha4

OR

nagiosnagiosMatch3.0alpha5

OR

nagiosnagiosMatch3.0beta1

OR

nagiosnagiosMatch3.0beta2

OR

nagiosnagiosMatch3.0beta3

OR

nagiosnagiosMatch3.0beta4

OR

nagiosnagiosMatch3.0beta5

OR

nagiosnagiosMatch3.0beta6

OR

nagiosnagiosMatch3.0beta7

OR

nagiosnagiosMatch3.0rc1

OR

nagiosnagiosMatch3.0rc2

OR

nagiosnagiosMatch3.0rc3

OR

nagiosnagiosMatch3.0.1

OR

nagiosnagiosMatch3.0.2

OR

nagiosnagiosMatch3.0.3

OR

nagiosnagiosMatch3.0.4

OR

nagiosnagiosMatch3.0.5

OR

nagiosnagiosMatch3.0.6

OR

nagiosnagiosMatch3.1.0

OR

nagiosnagiosMatch3.1.1

OR

nagiosnagiosMatch3.1.2

OR

nagiosnagiosMatch3.2.0

OR

nagiosnagiosMatch3.2.1

OR

nagiosnagiosMatch3.2.2

OR

nagiosnagiosMatch3.2.3

OR

nagiosnagiosMatch3.3.1

OR

nagiosnagiosMatch3.4.0

OR

nagiosnagiosMatch3.4.1

OR

nagiosnagiosMatch3.4.2

Node

icingaicingaMatch1.6.0

OR

icingaicingaMatch1.6.1

OR

icingaicingaMatch1.7.0

OR

icingaicingaMatch1.7.1

OR

icingaicingaMatch1.7.2

OR

icingaicingaMatch1.7.3

OR

icingaicingaMatch1.8.0

OR

icingaicingaMatch1.8.1

OR

icingaicingaMatch1.8.2

OR

icingaicingaMatch1.8.3

References

lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html

lists.opensuse.org/opensuse-updates/2013-01/msg00033.html

lists.opensuse.org/opensuse-updates/2013-01/msg00060.html

lists.opensuse.org/opensuse-updates/2013-01/msg00077.html

lists.opensuse.org/opensuse-updates/2013-01/msg00088.html

secunia.com/advisories/51863

www.debian.org/security/2013/dsa-2616

www.debian.org/security/2013/dsa-2653

www.exploit-db.com/exploits/24084

www.exploit-db.com/exploits/24159

www.nagios.org/projects/nagioscore/history/core-3x

www.osvdb.org/89170

www.securityfocus.com/bid/56879

bugzilla.redhat.com/show_bug.cgi?id=893269

dev.icinga.org/issues/3532

www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

Related for NVD:CVE-2012-6096

nessus13 openvas14 debian3 seebug2 saint4 fedora4 ubuntucve1 securityvulns4 packetstorm2 exploitpack2 cve1 cvelist1 debiancve1 prion1 freebsd1 exploitdb1 gentoo1