CVE-2014-1878

Name of the Vulnerable Software and Affected Versions Nagios Core versions prior to 4.0.3rc1 Icinga versions prior to 1.8.6 Icinga versions 1.9 prior to 1.9.5 Icinga versions 1.10 prior to 1.10.3

Description The issue is related to a stack-based buffer overflow in the cmd submitf function, which can be exploited by remote attackers to cause a denial of service, resulting in a segmentation fault. This can be achieved by sending a long message to the cmd.cgi endpoint. Additionally, there are multiple vulnerabilities in the Icinga package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For Nagios Core versions prior to 4.0.3rc1, update to a version later than 4.0.3rc1 to resolve the issue. For Icinga versions prior to 1.8.6, update to version 1.8.6 or later. For Icinga versions 1.9 prior to 1.9.5, update to version 1.9.5 or later. For Icinga versions 1.10 prior to 1.10.3, update to version 1.10.3 or later. As a temporary workaround, consider restricting access to the cmd.cgi endpoint to minimize the risk of exploitation.