Security Information / 2013 / Security Information -- DSA-2616-1 nagios3

Debian Security Advisory

DSA-2616-1 nagios3 -- buffer overflow in CGI scripts

Date Reported:

03 Feb 2013

Affected Packages:

nagios3

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 697930.
In Mitre's CVE dictionary: CVE-2012-6096.

More information:

A buffer overflow problem has been found in nagios3, a host/service/network monitoring and management system. A malicious client could craft a request to history.cgi and cause application crashes.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.1-2+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.4.1-3.

We recommend that you upgrade your nagios3 packages.