SB2014020528 - Out-of-bounds read in nagios (Alpine package)
Published: February 5, 2014 Updated: August 8, 2022
Security Bulletin ID
SB2014020528
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2013-7205)
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing a long string in the last key value in the variable list, which triggers a heap-based buffer over-read within the Off-by-one error in the process_cgivars function in contrib/daemonchk.c. A remote attacker can create a specially crafted file, pass it to the application, trigger out-of-bounds read error and crash the affected application.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=bc591804416645cfa8daae8a4d4ab036ba72a402
- https://git.alpinelinux.org/aports/commit/?id=c9d8a6c05b5f9253252739560fe8d76468e826c0
- https://git.alpinelinux.org/aports/commit/?id=ea378e00bf8b68874150bc606edc6818b9ff233f
- https://git.alpinelinux.org/aports/commit/?id=0fc285b2ea702c82941928cdfa4e521addba1705