PT-2014-1780 · Icinga · Icinga
Ricardo · Published 2014-01-14 · Updated 2014-02-25
CVE-2013-7106
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Icinga versions prior to 1.8.5
Icinga versions prior to 1.9.4
Icinga versions prior to 1.10.2
Description
The issue allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long string passed to certain functions, including display_nav_table, page_limit_selector, print_export_link, page_num_selector, status_page_num_selector, and display_command_expansion. It can also be exploited without authentication by leveraging another vulnerability.

Recommendations
For Icinga versions prior to 1.8.5, update to version 1.8.5 or later.
For Icinga versions prior to 1.9.4, update to version 1.9.4 or later.
For Icinga versions prior to 1.10.2, update to version 1.10.2 or later.
As a temporary workaround, consider restricting access to the cgi/cgiutils.c, cgi/status.c, and cgi/config.c files until a patch is available.

Fix
Weakness Enumeration
Buffer Overflow
Related Identifiers
Affected Products
Icinga