Bug 893269 (CVE-2012-6096)

Summary: CVE-2012-6096 nagios: stack-based buffer overflow in history.cgi
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: affix, jose.p.oliveira.oss, lemenkov, mail, ondrejj, shawn.starr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20121209,reported=20130108,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/nagios=affected,epel-6/nagios=affected,cwe=CWE-121[auto]
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-29 18:37:15 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 893270, 893271    
Bug Blocks:    

Description Vincent Danen 2013-01-08 20:52:32 EST
It was reported [1] that Nagios Core's history.cgi is vulnerable to a buffer overflow because it used sprintf on user-supplied data that was not restricted in size.

Due to various protections of the operating system (history.cgi is compiled with SSP, FORTIFY_SOURCE is enabled, etc.) this is not believed to be exploitable and would result in a denial of service to the user sending the input to history.cgi.

This has been fixed in svn (r2547)[2].

[1] http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
[2] http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
Comment 1 Vincent Danen 2013-01-08 20:53:53 EST
Created nagios tracking bugs for this issue

Affects: fedora-all [bug 893270]
Affects: epel-6 [bug 893271]
Comment 2 Jose Pedro Oliveira 2013-01-12 23:49:20 EST
 * Nagios Core 3.4.4 Released
   Saturday, 12 January 2013 07:53 
   http://www.nagios.org/news/77-news-announcements/346-nagios-core-344-released


 * Nagios Core 3.x Version History
   http://www.nagios.org/projects/nagioscore/history/core-3x

   3.4.4 - 01/12/2013
   FIXES

     Reenabled check for newer versions of Nagios Core (Mike Guthrie)
     Fixed bug #408: service checks get duplicated on reload (Eric Stanley)
     Fixed bug #401: segmentation fault on Solaris when parsing unknown timeperiod directives. (Eric Stanley)
     Added NULL pointer checks to CGI code. (Eric Stanley)
     Fixed buffer overflow vulnerability in CGI code. Thanks to Neohapsis (http://archives.neohapsis.com/archives/fulldisclosure/2012-1/0108.html) for finding this. (Eric Stanley)
Comment 3 Fedora Update System 2013-01-22 20:29:48 EST
nagios-3.4.4-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2013-01-22 20:32:26 EST
nagios-3.4.4-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2013-01-22 21:03:04 EST
nagios-3.4.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-01-29 15:01:18 EST
nagios-3.4.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.