Vigil@nce - Nagios: buffer overflow of cmd_submitf
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in the cmd_submitf()
function of Nagios, in order to trigger a denial of service, and
possibly to execute code.
Impacted products: Nagios Open Source, openSUSE
Severity: 1/4
Creation date: 11/04/2014
DESCRIPTION OF THE VULNERABILITY
The cmd.cgi program, which is restricted to authorized users, can
be used to send commands to the Nagios process.
However, if the size of data is greater than the size of the
storage array, an overflow occurs in the cmd_submitf() function of
the cgi/cmd.c file.
An attacker can therefore generate a buffer overflow in the
cmd_submitf() function of Nagios, in order to trigger a denial of
service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Nagios-buffer-overflow-of-cmd-submitf-14581