Debian Security Advisory

DSA-2616-1 nagios3 -- buffer overflow in CGI scripts

Date Reported:
03 Feb 2013
Affected Packages:
nagios3
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 697930.
In Mitre's CVE dictionary: CVE-2012-6096.
More information:

A buffer overflow problem has been found in nagios3, a host/service/network monitoring and management system. A malicious client could craft a request to history.cgi and cause application crashes.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.1-2+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.4.1-3.

We recommend that you upgrade your nagios3 packages.