Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-14T18:00:00

Updated: 2024-08-06T18:01:19.482Z

Reserved: 2013-12-15T00:00:00

Link: CVE-2013-7106

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-01-15T16:08:03.877

Modified: 2024-11-21T02:00:21.693

Link: CVE-2013-7106

cve-icon Redhat

No data.