CVE-2013-7108

Name of the Vulnerable Software and Affected Versions Icinga versions prior to 1.8.5 Icinga versions 1.9 prior to 1.9.4 Icinga versions 1.10 prior to 1.10.2

Description The issue is related to multiple off-by-one errors in the Icinga package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. This can lead to obtaining sensitive information from process memory or causing a denial of service (crash) via a long string in the last key value in the variable list to the process cgivars function in various files within the cgi/ directory, triggering a heap-based buffer over-read.

Recommendations For Icinga versions prior to 1.8.5, update to version 1.8.5 or later. For Icinga versions 1.9 prior to 1.9.4, update to version 1.9.4 or later. For Icinga versions 1.10 prior to 1.10.2, update to version 1.10.2 or later.