Vigil@nce - Nagios: denial of service via CGI
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a Nagios CGI query with a long variable, in
order to trigger a denial of service.
Impacted products: Nagios Open Source, openSUSE
Severity: 2/4
Creation date: 23/12/2013
DESCRIPTION OF THE VULNERABILITY
The Nagios service uses CGI programs.
The process_cgivars() function analyzes received variables.
However, if a variable name has a size of MAX_INPUT_BUFFER-1
(1023), the index is incremented twice, and Nagios continues to
read after the ’\0’ terminator.
An attacker can therefore use a Nagios CGI query with a long
variable, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Nagios-denial-of-service-via-CGI-13986