NVD

Id
41913  
Name
CVE-2013-7106  
Description
Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-01-15  
Modified Date
2014-02-25  
Seq
2013-7106  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
211607 41913 CVE-2013-7106 [oss-security] 20131216 Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)  View
211608 41913 CVE-2013-7106 https://dev.icinga.org/issues/5250  View
211609 41913 CVE-2013-7106 https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24269 JVNDB-2013-005844 Icinga におけるスタックベースのバッファオーバーフローの脆弱性 Icinga には、スタックベースのバッファオーバーフローの脆弱性が存在します。 CVE-2013-7106 67048 CVE-2013-7106 41913 6.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005844.html 2013-12-17 2014-01-16 View