Launchpad CVE tracker

CVE 2012-6096

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

Related bugs and status

CVE-2012-6096 (Candidate) is related to these bugs:

Bug #1106109: Buffer overflow vulnerability in history.cgi

Summary				In	Importance	Status
	1106109	Buffer overflow vulnerability in history.cgi		nagios3 (Ubuntu)	Medium	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://lists.grok.org....
MISC: http://www.exploit-db....
MISC: http://www.exploit-db....
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.osvdb.org/8...
MISC: http://www.debian.org/...
MISC: http://www.debian.org/...
MISC: http://www.nagios.org/...
MISC: https://bugzilla.redha...
MISC: https://dev.icinga.org...
MISC: https://www.icinga.org...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....

Launchpad.net

CVE 2012-6096

Related bugs and status

Related bugs

References