Vulnerability CVE-2013-7106

Vulnerability Name:

CVE-2013-7106 (CCN-89799)

Assigned:

2013-12-16

Published:

2013-12-16

Updated:

2014-02-25

Summary:

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c.
Note: this can be exploited without authentication by leveraging CVE-2013-7107.

CVSS v3 Severity:

8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

8.5 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-7106

Source: CCN
Type: Bugtraq Mailing List, Mon Mar 24 2014
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga

Source: CCN
Type: oss-sec Mailing List, Mon, 16 Dec 2013 21:22:40 +0100
Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)

Source: CCN
Type: SA55987
Icinga Off-By-One and Buffer Overflow Vulnerabilities

Source: CCN
Type: Icinga Web site
Home - Icinga: Open Source Monitoring

Source: MLIST
Type: UNKNOWN
[oss-security] 20131216 Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251)

Source: CCN
Type: OSVDB ID: 101022
Icinga Web Interface Multiple Remote Buffer Overflows

Source: CCN
Type: BID-64374
Icinga Web Interface CVE-2013-7106 Multiple Unspecified Buffer Overflow Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
https://dev.icinga.org/issues/5250

Source: XF
Type: UNKNOWN
icinga-cve20137106-bo(89799)

Source: CONFIRM
Type: Vendor Advisory
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7106

Vulnerable Configuration:

Configuration 1:

cpe:/a:icinga:icinga:0.8.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:0.8.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:0.8.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:0.8.3:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:0.8.4:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.0:rc1:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.7.4:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.8.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.8.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.8.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.8.3:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:*:*:*:*:*:*:*:* (Version <= 1.8.4)

OR cpe:/a:icinga:icinga:1.9.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.9.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.9.2:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.9.3:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.10.0:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.10.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:icinga:icinga:1.8.4:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.10.1:*:*:*:*:*:*:*

OR cpe:/a:icinga:icinga:1.9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:24722	P	DSA-2956-1 icinga - security update	2014-08-11
oval:com.ubuntu.precise:def:20137106000	V	CVE-2013-7106 on Ubuntu 12.04 LTS (precise) - medium.	2014-01-15
oval:com.ubuntu.xenial:def:201371060000000	V	CVE-2013-7106 on Ubuntu 16.04 LTS (xenial) - medium.	2014-01-15
oval:com.ubuntu.trusty:def:20137106000	V	CVE-2013-7106 on Ubuntu 14.04 LTS (trusty) - medium.	2014-01-15
oval:com.ubuntu.xenial:def:20137106000	V	CVE-2013-7106 on Ubuntu 16.04 LTS (xenial) - medium.	2014-01-15

BACK